# RH342 Study Quiz

Use this to test yourself. Answers are at the bottom of each section.

---

## Section 1: Logs and Information Gathering

### Questions

1. What command shows journal entries for the current boot only?
2. How do you view journal logs for a specific systemd service?
3. What file stores the main rsyslog configuration?
4. Where are SELinux denial messages logged?
5. What command searches the audit log for SELinux AVC denials from today?
6. How do you enable persistent journal storage?
7. What command shows journal entries from a previous boot session?
8. Where does rsyslog store security/authentication messages?
9. How do you follow journal logs in real-time (like tail -f)?
10. What package provides the `sealert` command?

### Answers

1. `journalctl -b`
2. `journalctl -u servicename.service`
3. `/etc/rsyslog.conf`
4. `/var/log/audit/audit.log`
5. `ausearch -m avc -ts today`
6. `mkdir /var/log/journal` then set `Storage=persistent` in `/etc/systemd/journald.conf` and restart systemd-journald
7. `journalctl --list-boots` then `journalctl --boot `
8. `/var/log/secure`
9. `journalctl -f`
10. `setroubleshoot-server`

---

## Section 2: Boot and GRUB2

### Questions

1. What command shows the current default kernel?
2. How do you change the default boot kernel persistently?
3. Where is the main GRUB2 config file on BIOS systems?
4. Where is the main GRUB2 config file on UEFI systems?
5. What command regenerates the GRUB2 config on a BIOS system?
6. What kernel parameter boots to single-user/rescue mode?
7. What kernel parameter breaks into the initramfs shell?
8. How do you view all GRUB2 boot entries with grubby?
9. What command manages UEFI boot entries?
10. After editing `/etc/default/grub`, what must you do?
11. What file contains the `GRUB_CMDLINE_LINUX` variable?
12. How do you add a kernel argument to all kernels with grubby?

### Answers

1. `grubby --default-kernel`
2. `grubby --set-default /boot/vmlinuz-x.x.x`
3. `/boot/grub2/grub.cfg`
4. `/boot/efi/EFI/redhat/grub.cfg`
5. `grub2-mkconfig -o /boot/grub2/grub.cfg`
6. `systemd.unit=rescue.target`
7. `rd.break`
8. `grubby --info=ALL`
9. `efibootmgr`
10. Regenerate GRUB config with `grub2-mkconfig`
11. `/etc/default/grub`
12. `grubby --update-kernel=ALL --args="argument"`

---

## Section 3: Hardware

### Questions

1. What command shows kernel boot messages with human-readable timestamps?
2. What command shows CPU information including cores and threads?
3. How do you view physical memory details (type, speed, slots)?
4. What command lists SCSI-compatible storage devices?
5. What command lists PCI devices?
6. What command lists USB devices?
7. What service reports hardware errors via kernel tracing?
8. How do you view a summary of hardware errors with rasdaemon?
9. What package provides bootable memory testing?
10. How do you filter dmesg by facility and severity level?

### Answers

1. `dmesg -T`
2. `lscpu`
3. `dmidecode -t memory`
4. `lsscsi`
5. `lspci`
6. `lsusb`
7. `rasdaemon`
8. `ras-mc-ctl --summary`
9. `memtest86+`
10. `dmesg -f kern -l warn`

---

## Section 4: Storage

### Questions

1. What command lists device mapper devices?
2. What command shows LVM logical volumes?
3. What command repairs an XFS filesystem?
4. What must you do before running xfs_repair?
5. How do you check the current I/O scheduler for a disk?
6. What command shows multipath topology?
7. What command wipes filesystem signatures from a device?
8. How do you create a Stratis pool?
9. What command creates a Stratis filesystem?
10. How do you extend an LVM logical volume by 5GB?
11. What command shows block devices with filesystem info?
12. What's the force option for xfs_repair if the log is dirty?

### Answers

1. `dmsetup ls`
2. `lvs` or `lvdisplay`
3. `xfs_repair /dev/xxx`
4. Unmount the filesystem
5. `cat /sys/block/sda/queue/scheduler`
6. `multipath -ll`
7. `wipefs --all /dev/xxx`
8. `stratis pool create poolname /dev/xxx`
9. `stratis fs create poolname fsname`
10. `lvextend -L +5G /dev/vgname/lvname`
11. `lsblk -f`
12. `xfs_repair -L /dev/xxx`

---

## Section 5: Network

### Questions

1. What command shows NetworkManager connection profiles?
2. How do you bring up a network connection with nmcli?
3. What command shows listening TCP/UDP ports with process info?
4. How do you add a firewall service permanently?
5. What command scans a network for live hosts without port scanning?
6. How do you test connectivity to a specific port with ncat?
7. What command shows the current firewall rules?
8. How do you block ICMP echo-reply with firewalld?
9. What text-based UI manages NetworkManager?
10. How do you reload firewall rules after making permanent changes?
11. What command shows IP addresses on all interfaces?
12. How do you add a static IP with nmcli?

### Answers

1. `nmcli connection show`
2. `nmcli connection up "connection-name"`
3. `ss -tunlp`
4. `firewall-cmd --permanent --add-service=servicename` then `firewall-cmd --reload`
5. `nmap -sn 192.168.1.0/24`
6. `ncat hostname port`
7. `firewall-cmd --list-all`
8. `firewall-cmd --add-icmp-block=echo-reply`
9. `nmtui`
10. `firewall-cmd --reload`
11. `ip addr show`
12. `nmcli connection modify connname ipv4.addresses 192.168.1.100/24 ipv4.method manual`

---

## Section 6: SELinux

### Questions

1. What command shows the current SELinux mode?
2. How do you temporarily set SELinux to permissive?
3. What command searches for AVC denials in the audit log?
4. How do you add a permanent file context rule?
5. After adding a file context rule, what command applies it?
6. How do you add a port label for a service?
7. What command sets an SELinux boolean persistently?
8. How do you list all SELinux booleans with descriptions?
9. What command provides detailed analysis of an SELinux denial?
10. How do you force a full system relabel on next boot?
11. What type should web content have for httpd to read it?
12. How do you disable all dontaudit rules for debugging?

### Answers

1. `getenforce`
2. `setenforce 0`
3. `ausearch -m avc -ts today`
4. `semanage fcontext -a -t type_t '/path(/.*)?'`
5. `restorecon -Rv /path`
6. `semanage port -a -t port_type_t -p tcp portnumber`
7. `setsebool -P booleanname on`
8. `semanage boolean --list`
9. `sealert -a /var/log/audit/audit.log`
10. `touch /.autorelabel` then reboot
11. `httpd_sys_content_t`
12. `semanage dontaudit off`

---

## Section 7: Kdump

### Questions

1. What service captures kernel crash dumps?
2. What command shows kdump status?
3. What kernel parameter reserves memory for kdump?
4. Where are crash dumps stored by default?
5. What file contains the crash dump?
6. What command shows reserved kdump memory?
7. How do you trigger a test crash using SysRq?
8. What must be enabled before using SysRq commands?
9. What config file controls kdump behavior?
10. How do you make the system panic on OOM events permanently?
11. What command analyzes a vmcore crash dump?
12. What file should you send to Red Hat Support first for preliminary crash analysis?

### Answers

1. `kdump`
2. `kdumpctl status`
3. `crashkernel=auto`
4. `/var/crash/`
5. `vmcore`
6. `kdumpctl showmem`
7. `echo c > /proc/sysrq-trigger`
8. `echo 1 > /proc/sys/kernel/sysrq`
9. `/etc/kdump.conf`
10. Add `vm.panic_on_oom=1` to `/etc/sysctl.conf` and run `sysctl -p`
11. `crash /path/to/vmlinux /path/to/vmcore`
12. `vmcore-dmesg.txt`

---

## Rapid Fire: Command to Tool Matching

Match the command to its purpose:

| Command | Purpose |
|---------|---------|
| `grubby` | ? |
| `ausearch` | ? |
| `restorecon` | ? |
| `nmcli` | ? |
| `kdumpctl` | ? |
| `semanage` | ? |
| `dmsetup` | ? |
| `sealert` | ? |

### Answers

| Command | Purpose |
|---------|---------|
| `grubby` | Manage GRUB2 boot entries |
| `ausearch` | Search audit logs |
| `restorecon` | Apply SELinux contexts from database |
| `nmcli` | Manage NetworkManager |
| `kdumpctl` | Manage kdump service |
| `semanage` | Manage SELinux policy (contexts, ports, booleans) |
| `dmsetup` | Manage device mapper |
| `sealert` | Analyze SELinux denials |

---

## Scenario-Based Questions

### Scenario 1

A web server returns 403 Forbidden. The file permissions are correct (644). What should you check next and how?

**Answer:** Check SELinux. Run `ausearch -m avc -ts recent` to find denials, then `ls -Z` on the file to check context. Fix with `restorecon -Rv /var/www/html` or `semanage fcontext` if using non-standard location.

### Scenario 2

A system won't boot past GRUB. You see "invalid magic number" error. How do you fix it?

**Answer:** Boot from previous kernel entry in GRUB menu, then use `grubby --set-default /boot/vmlinuz-` to set a working kernel as default.

### Scenario 3

A service fails to start because it can't bind to port 8443. SELinux is enforcing. How do you fix it?

**Answer:** `semanage port -a -t http_port_t -p tcp 8443` (assuming it's an HTTP service).

### Scenario 4

You need to capture a kernel crash dump for Red Hat Support. The system is running but kdump shows "not operational". What do you check?

**Answer:**

1. Check `crashkernel=auto` is in kernel cmdline: `cat /proc/cmdline`
2. Check reserved memory: `kdumpctl showmem`
3. If no crashkernel param, add to `/etc/default/grub`, regenerate grub config, and reboot

### Scenario 5

After restoring files from backup, a database service won't start. Logs show permission denied. File permissions look correct. What's wrong?

**Answer:** SELinux contexts weren't preserved during backup/restore. Run `restorecon -Rv /path/to/database/files`

---

## Fill in the Blank

1. The default location for journal logs with persistent storage is ____________
2. To boot to emergency mode, add ____________ to kernel command line
3. The SELinux context type for web content is ____________
4. The command to list all UEFI boot entries is ____________
5. Stratis filesystems are backed by ____________ filesystem
6. The config file for kdump is ____________
7. To view kernel messages for the current boot via journalctl: ____________
8. The package that provides `sealert` is ____________

### Answers

1. `/var/log/journal`
2. `systemd.unit=emergency.target`
3. `httpd_sys_content_t`
4. `efibootmgr`
5. XFS
6. `/etc/kdump.conf`
7. `journalctl -k`
8. `setroubleshoot-server`