The Red Hat Certified Systems Administrator, or EX 200, exam is one of the most highly regarded entry-level exams in the Linux world. The skills you learn while preparing for the exam will not only prepare you to pass the exam itself, but also to perform real-world activities in a real production environment. Instead of a multiple-choice test, the exam takes place in a real environment. This makes the RHCSA an extremely desirable certification. This hands-on lab will walk you through similar scenarios to those you may find on the exam and will provide insight to the preparations you need to make to pass the exam. Please note, this exam should be taken after you have completed the RHCSA course. This practice exam should not necessarily be used as a study guide, but as a readiness indicator. The repo/GPG key required for the exam can be found here:
Successfully complete this lab by achieving the following learning objectives:
- Start the Guest VM
Get the VM’s name from
virsh list --all, and start it using
virsh start <VMNAME>.
- Create Three Users (Derek, Tom, and Kenny) that All Belong to the `instructors` Group. Prevent Tom’s User from Accessing a Shell, and Make His Account Expire Ten Days from Now.
We need to create three users that must belong to the
instructorsgroup. Their names are Derek, Tom, and Kenny. We want to make sure that Tom can’t get to a shell, and we want his account to expire ten days from now.
You can create the users using the
Group and shell modifications are done with
usermod, and you can set an expiration date using the
- Download and Configure Apache to Serve `index.html` from `/var/web` and Access It from the Host Machine
Install Apache using
yum install httpd. Then edit
/etc/httpd/conf/httpd.confto change the DocumentRoot as required.
- Configure Umask to Ensure All Files Created by Any User Cannot Be Accessed by “other” Users
The default umask for all users is set in the
- Find All Files in `/etc` (Not Subdirectories) that Are Older Than 720 Days, and Output a List to `/root/oldfiles`
findcommand has numerous flags that can help with this.
-maxdepth 1will search only
/etcand not any subdirectories.
-mtime +720will match on files that were modified more than 720 days ago.
A complete command is:
find /etc/ -maxdepth 1 -mtime +720 > /root/oldfiles
- Find All Log Messages in `/var/log/messages` That Contain “ACPI”, and Export Them to a File Called `/root/logs`. Then Archive All of `/var/log` and Save It to `/tmp/log_archive.tgz`
To find matching lines in a file you should use
grep ACPI /var/log/messages > /root/logs
Then you need to compress /var/log.
tar -czf /tmp/log_archive.tgz /var/log/
- Modify the GRUB Timeout and Make It 1 Second Instead of 5
/etc/default/gruband change the timeout to 1.
grub2-mkconfig -o /boot/grub2/grub.cfgto rebuild the GRUB configuration and make the change take effect.
- Create a Daily Cron Job at 4:27pm for the `derek` User that Runs `cat /etc/redhat-release` and Redirects the Output to `/home/derek/release`
To edit a user’s crontab you can run:
crontab -e -u derek
And then the format of the line for this task would be this:
27 16 * * * cat /etc/redhat-release > /home/derek/release
- Configure `time.nist.gov` as the Only NTP Server
The NTP client in RHEL and CentOS is
chrony. The configuration file for
Edit that file, remove the default lines that begin with
server, and write a new one like this:
- Create an 800M Swap Partition on the `vdb` Disk and Use the UUID to Ensure That It Is Persistent
First we need to create a new partition:
nto create a new partition.
- Accept the default for the partition number.
- Accept the default for the starting sector.
+800Mfor the ending sector.
tto set the partition type (use
82to set it to Linux Swap).
wto write the changes.
partprobeto make sure the kernel knows about the changes.
mkswap /dev/vdbX, where X is the partition number.
blkidto get the UUID of the partition.
Add the following to
UUID="LONG-UUID-STRING-COPIED-FROM-blkid" swap swap defaults 0 0
Save and exit, then run
freeto verify that everything is correct.
- Create a New Logical Volume (LV-A) with a Size of 30 Extents that Belongs to the Volume Group VG-A (with a PE Size of 32M). After Creating the Volume, Configure the Server to Mount It Persistently on `/mnt`.
First we need to create a physical volume. Let’s assume your disk is
Then we need to create the Volume Group named VG-A with a 32M physical extent size:
vgcreate VG-A /dev/vdc -s 32m
Finally, we create the Logical Volume named LV-A with 30 extents:
lvcreate -n LV-A -l 30 VG-A
Now we can format the volume:
And finally, we can edit
/etc/fstabto add the following line:
/dev/mapper/VG--A-LV--A /mnt xfs defaults 0 0
- On the Host, Not the Guest VM, Utilize ldap.linuxacademy.com for SSO, and Configure AutoFS to Mount Users’ Home Directories on Login. Make Sure to Use Kerberos.
The server is ldap.linuxacademy.com.
The Kerberos certificate is located at http://ldap.linuxacademy.com/pub/cert.pem.
First, we need to install the required packages.
yum install -y authconfig-gtk nss-pam-ldapd pam_krb5 autofs nfs-utils openldap-clients
Now we can run
- Set the Search Base DN to
- Set the LDAP Server to
- Select Use TLS, and enter
http://ldap.linuxacademy.com/pub/cert.pemto download the cert.
- Switch to the Advanced tab and select Create Home directories on the first login.
- Select Apply.
/etc/auto.master.d/ldap.autofs, and add the following line:
/etc/auto.ldap, and add the following line:
* -rw ldap.linuxacademy.com:/home/guests/&
/etc/pam.d/sshd, and add the following to the first section:
auth sufficient pam_ldap.so
systemctl restart sshd.
Now you should be able to verify by running
su - ldapuser3.
- Change the Hostname of the Guest to “rhcsa”
For this task you can use
hostnamectl set-hostname rhcsa