RHEL – User ID & Access Management:
User Management
# useradd username ---> Create new user
# useradd -m username ---> Create user with home directory
# useradd -m -d /home/custom -s /bin/bash user ---> Custom home & shell
# useradd -u 2001 username ---> Create user with specific UID
# useradd -g groupname username ---> Set primary group
# useradd -G group1,group2 username ---> Add secondary groups
# passwd username ---> Set or change password
# usermod username ---> Modify user
# usermod -l newname oldname ---> Rename user
# usermod -d /new/home -m username ---> Change home directory
# usermod -s /bin/sh username ---> Change shell
# usermod -u 3001 username ---> Change UID
# usermod -aG wheel username ---> Add to sudo group
# userdel username ---> Delete user
# userdel -r username ---> Delete user with home directory
Group Management
# groupadd groupname ---> Create group
# groupadd -g 4000 groupname ---> Create group with specific GID
# groupmod -n newname oldname ---> Rename group
# groupmod -g 5000 groupname ---> Change GID
# groupdel groupname ---> Delete group
# gpasswd -a username groupname ---> Add user to group
# gpasswd -d username groupname ---> Remove user from group
# newgrp groupname ---> Switch primary group temporarily
User Information & Verification
# id username ---> Show UID, GID, groups
# id -u username ---> Show UID only
# id -g username ---> Show GID only
# groups username ---> Show user groups
# getent passwd username ---> Get user entry
# getent group groupname ---> Get group entry
# whoami ---> Current logged user
# who ---> Logged-in users
# w ---> Logged-in users with processes
# last ---> Login history
# lastb ---> Failed login attempts
# lastlog ---> Last login of all users
Password & Account Policies
# chage -l username ---> Show password aging info
# chage -M 90 username ---> Set password expiry (90 days)
# chage -m 7 username ---> Minimum days before change
# chage -W 7 username ---> Warning before expiry
# chage -E 2026-12-31 username ---> Set account expiration date
# passwd -l username ---> Lock account
# passwd -u username ---> Unlock account
# passwd -e username ---> Force password change at next login
# faillog ---> Show failed login attempts
# faillog -u username ---> Failed login details for user
Sudo & Privilege Management
# visudo ---> Safely edit sudoers file
# cat /etc/sudoers ---> View sudo config
# ls /etc/sudoers.d/ ---> Additional sudo rules
# usermod -aG wheel username ---> Add to sudo group (RHEL default)
# sudo -l ---> Check allowed sudo commands
File Ownership & Permissions
# chown user file ---> Change file owner
# chown user:group file ---> Change owner & group
# chgrp group file ---> Change group ownership
# chmod 755 file ---> Set rwxr-xr-x permission
# chmod u+x file ---> Add execute for owner
# chmod g-w file ---> Remove write for group
# stat file ---> Show detailed file info
Special Permissions
# chmod 4755 file ---> Set SUID
# chmod 2755 directory ---> Set SGID
# chmod 1777 /shared ---> Set Sticky Bit
# ls -l ---> View special permissions
Access Control Lists (ACL)
# setfacl -m u:username:rwx file ---> Give user rwx access
# setfacl -m g:groupname:rw file ---> Give group access
# getfacl file ---> View ACL
# setfacl -x u:username file ---> Remove ACL
# setfacl -b file ---> Remove all ACLs
Default User Settings
/etc/login.defs ---> Default password policies
/etc/default/useradd ---> Default new user settings
/etc/skel/ ---> Default home directory template
Account Locking & Security
# passwd -S username ---> Password status
# chattr +i file ---> Make file immutable
# chattr -i file ---> Remove immutable
# lsattr file ---> View attributes
# getenforce ---> Check SELinux mode
RHEL – Performance & System Monitoring
CPU Monitoring
# top ---> Real-time CPU & process usage
# htop ---> Advanced interactive monitor
# mpstat -P ALL 1 5 ---> Per-CPU usage (sysstat)
# sar -u 1 5 ---> CPU usage statistics
# uptime ---> Load average
# vmstat 1 5 ---> CPU + memory summary
# ps aux --sort=-%cpu | head ---> Top CPU-consuming processes
# pidstat 1 ---> CPU usage per PID
# lscpu ---> CPU architecture info
Memory Monitoring
# free -h ---> Memory usage (human readable)
# free -m ---> Memory usage in MB
# vmstat 1 5 ---> Memory statistics
# sar -r 1 5 ---> Memory usage history
# ps aux --sort=-%mem | head ---> Top memory processes
# pmap <PID> ---> Memory usage per process
# cat /proc/meminfo ---> Detailed memory info
Disk Usage Monitoring
# df -h ---> Disk usage
# df -i ---> Inode usage
# du -sh * ---> Directory usage
# du -sh /var/* ---> Check large directories
# lsblk ---> List block devices
# blkid ---> Filesystem UUID
# mount | column -t ---> Mounted filesystems
Disk Full Troubleshooting:
# lsof | grep deleted ---> Deleted but open files
Disk I/O Monitoring
# iostat -x 1 5 ---> Extended I/O statistics
# iotop ---> Real-time disk I/O per process
# sar -d 1 5 ---> Disk activity history
# vmstat 1 5 ---> Check I/O wait
Network Monitoring
# ss -tulnp ---> Listening ports
# netstat -tulnp ---> Legacy port check
# ip -s link ---> Network interface stats
# sar -n DEV 1 5 ---> Network usage stats
# ifconfig ---> Interface info (legacy)
# ethtool eth0 ---> NIC details
# tcpdump -i eth0 ---> Capture packets
# nload ---> Network traffic monitor
Process Monitoring
# ps -ef ---> All running processes
# ps aux ---> Process usage
# pgrep process_name ---> Get process PID
# top -p <PID> ---> Monitor specific process
# strace -p <PID> ---> Trace system calls
# lsof -p <PID> ---> Open files by process
# kill -9 <PID> ---> Force kill process
Swap Monitoring
# swapon -s ---> Swap usage
# free -h ---> Check swap usage
# vmstat 1 5 ---> Swap in/out activity
# cat /proc/swaps ---> Swap details
System Load & Uptime
# uptime ---> System uptime & load
# w ---> Logged users + load
# who ---> Logged users
# last ---> Login history
Kernel & Hardware Monitoring
# dmesg | tail ---> Kernel messages
# journalctl -k ---> Kernel logs
# lsmod ---> Loaded modules
# free -m ---> RAM check
# lspci ---> PCI devices
# lsusb ---> USB devices
# smartctl -a /dev/sda ---> Disk health
Performance Historical Data (sysstat package)
# sar -u ---> CPU history
# sar -r ---> Memory history
# sar -d ---> Disk history
# sar -n DEV ---> Network history
# sar -q ---> Load average history
RHEL – Service Management (Systemd):
Basic Service Control
# systemctl start service_name ---> Start a service
# systemctl stop service_name ---> Stop a service
# systemctl restart service_name ---> Restart a service
# systemctl reload service_name ---> Reload configuration (no restart)
# systemctl status service_name ---> Check service status
# systemctl is-active service_name ---> Check if service is running
# systemctl is-enabled service_name ---> Check if service is enabled at boot
Enable / Disable Services at Boot
# systemctl enable service_name ---> Enable service at boot
# systemctl disable service_name ---> Disable service at boot
# systemctl enable --now service_name ---> Enable + start immediately
# systemctl disable --now service_name ---> Disable + stop immediately
Mask / Unmask Services
# systemctl mask service_name ---> Prevent service from starting
# systemctl unmask service_name ---> Allow service to start
List Services
# systemctl list-units --type=service ---> List running services
# systemctl list-units --type=service --all ---> List all services
# systemctl list-unit-files ---> List all service unit files
# systemctl --failed ---> List failed services
View Logs (journalctl)
# journalctl -u service_name ---> Logs for specific service
# journalctl -u service_name -f ---> Follow service logs live
# journalctl -xe ---> Recent errors
# journalctl -b ---> Logs from current boot
# journalctl -b -1 ---> Logs from previous boot
Reload Systemd & Daemon
# systemctl daemon-reload ---> Reload unit files after changes
# systemctl daemon-reexec ---> Restart systemd process
Service Dependencies
# systemctl list-dependencies service_name ---> Show service dependencies
# systemctl show service_name ---> Detailed service properties
Old runlevels replaced by targets.
# systemctl get-default ---> Current default target
# systemctl set-default multi-user.target ---> Set CLI mode
# systemctl set-default graphical.target ---> Set GUI mode
# systemctl isolate multi-user.target ---> Switch target immediately
Service Timeout & Kill
# systemctl kill service_name ---> Kill service process
# systemctl reset-failed service_name ---> Reset failed state
RHEL – Job Scheduling (Cron & Systemd Timers):
Cron Basics
Edit & List Cron Jobs
# crontab -e ---> Edit current user cron jobs
# crontab -l ---> List current user cron jobs
# crontab -r ---> Remove current user cron jobs
# crontab -u username -e ---> Edit another user's cron
Cron Format
* * * * * command
│ │ │ │ │
│ │ │ │ └── Day of week (0–7) (Sun=0 or 7)
│ │ │ └──── Month (1–12)
│ │ └────── Day of month (1–31)
│ └──────── Hour (0–23)
└────────── Minute (0–59)
Cron Examples
0 2 * * * /backup.sh ---> Daily at 2 AM
*/5 * * * * /script.sh ---> Every 5 minutes
0 0 * * 0 /weekly.sh ---> Every Sunday midnight
30 14 1 * * /monthly.sh ---> 1st day of month 2:30 PM
@reboot /startup.sh ---> Run at system boot
System-Wide Cron Locations
/etc/crontab ---> System-wide cron file
/etc/cron.d/ ---> Custom cron jobs
/etc/cron.daily/ ---> Daily jobs
/etc/cron.hourly/ ---> Hourly jobs
/etc/cron.weekly/ ---> Weekly jobs
/etc/cron.monthly/ ---> Monthly jobs
Cron Service Management
# systemctl status crond ---> Check cron service
# systemctl start crond ---> Start cron
# systemctl enable crond ---> Enable at boot
# systemctl restart crond ---> Restart cron
Anacron (For Systems Not Always Running)
/etc/anacrontab ---> Anacron configuration
Systemd Timer Management
# systemctl list-timers ---> List active timers
# systemctl status myjob.timer ---> Check timer status
# systemctl stop myjob.timer ---> Stop timer
# systemctl disable myjob.timer ---> Disable timer
# journalctl -u myjob.service ---> Check job logs
OnCalendar Examples (Systemd)
OnCalendar=*-*-* 02:00:00 ---> Daily at 2 AM
OnCalendar=Mon *-*-* 09:00:00 ---> Every Monday 9 AM
OnCalendar=weekly ---> Weekly
OnCalendar=monthly ---> Monthly
OnCalendar=*-*-01 00:00:00 ---> First of month
Network Management
# nmcli device status ---> Display network info
# nmcli connection show ---> Show network connections
# nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24 ---> Set static IP
# nmcli connection modify eth0 ipv4.gateway 192.168.1.1 ---> Set static gateway
# nmcli connection modify eth0 ipv4.method manual ---> Set static IP method
# nmcli connection up eth0 ---> Bring up network interface
# systemctl restart NetworkManager ---> Restart NetworkManager
# firewall-cmd --state ---> Check firewall status
# firewall-cmd --get-active-zones ---> List firewall zones
# firewall-cmd --permanent --add-port=8080/tcp ---> Open port permanently
# firewall-cmd --reload ---> Reload firewall
# traceroute google.com ---> Test network connection
# ip a ---> Show IP addresses
# ip link ---> Show network interfaces
# ip route ---> Show routing table
# ping 8.8.8.8 ---> Test connectivity
# dig google.com ---> DNS lookup (bind-utils)
# nslookup google.com ---> DNS query (legacy)
# curl -I https://example.com ---> Test HTTP connectivity
# tcpdump -i eth0 ---> Capture network traffic
# ethtool eth0 ---> Show network interface details
# nmcli general status ---> NetworkManager general status
# nmcli networking off/on ---> Turn networking off/on
Check Listening Ports
# ss -lnt ---> TCP listening
# ss -lnu ---> UDP listening
# ss -plant ---> Ports + process
RHEL Storage, Partition, Filesystem & LVM Management
Partition & Filesystem Management
# blkid ---> View partition UUIDs
# lsblk ---> List block devices
# lsblk -f ---> Show filesystem type info
# fdisk -l ---> Show partition table
# parted /dev/sdb print ---> Show GPT/MBR partition info
# parted /dev/sdb mklabel gpt ---> Create GPT partition table
# parted /dev/sdb mkpart primary xfs 1MiB 10GiB ---> Create partition
# mkswap /dev/sdb2 ---> Create swap partition
# swapon /dev/sdb2 ---> Enable swap
# swapoff /dev/sdb2 ---> Disable swap
# echo '/dev/sdb2 swap swap defaults 0 0' | tee -a /etc/fstab ---> Persist swap in fstab
# mkfs.ext4 /dev/sdb1 ---> Format partition with EXT4
# mkfs.xfs /dev/sdb1 ---> Format partition with XFS
# mount /dev/sdb1 /mnt ---> Mount filesystem
# umount /mnt ---> Unmount filesystem
# df -h ---> Check disk usage by mounted partitions
# df -i ---> Check inode usage
# tune2fs -l /dev/sdb1 ---> View EXT filesystem details
# resize2fs /dev/sdb1 10G ---> Resize EXT filesystem
# xfs_growfs /mnt ---> Grow XFS filesystem
# parted /dev/sdb resizepart 1 100GB ---> Resize partition
# partprobe /dev/sdb ---> Inform kernel about partition changes
# stat /file ---> Show file metadata info
# smartctl -a /dev/sdb ---> Check disk SMART health
# ls -l /mnt ---> Check files and permissions
# df -Th ---> Show filesystem type with usage
LVM Management
# pvcreate /dev/sdb1 ---> Create physical volume (PV)
# pvdisplay ---> Display PV details
# pvs ---> List all PVs
# pvremove /dev/sdb1 ---> Remove PV
# vgcreate my_vg /dev/sdb1 ---> Create volume group (VG)
# vgextend my_vg /dev/sdc1 ---> Add PV to VG
# vgreduce my_vg /dev/sdc1 ---> Remove PV from VG
# vgdisplay ---> Display VG details
# vgs ---> List all VGs
# vgremove my_vg ---> Remove VG
# lvcreate -L 5G -n my_lv my_vg ---> Create logical volume (LV)
# lvcreate -l 100%FREE -n data_lv my_vg ---> Use all free space for LV
# lvdisplay ---> Display LV details
# lvs ---> List all LVs
# lvremove /dev/my_vg/my_lv ---> Remove LV
# mkfs.xfs /dev/my_vg/my_lv ---> Format LV with XFS
# mkfs.ext4 /dev/my_vg/my_lv ---> Format LV with EXT4
# mount /dev/my_vg/my_lv /data ---> Mount LV
# umount /data ---> Unmount LV
# echo '/dev/my_vg/my_lv /data xfs defaults 0 0' | tee -a /etc/fstab ---> Persist LV mount
# lvextend -L +5G /dev/my_vg/my_lv ---> Extend LV by 5GB
# xfs_growfs /data ---> Grow XFS filesystem
# resize2fs /dev/my_vg/my_lv ---> Resize EXT filesystem
# lvcreate -L 1G -s -n snap_lv /dev/my_vg/my_lv ---> Create LV snapshot
# lvconvert --merge /dev/my_vg/snap_lv ---> Merge snapshot back
# lvreduce -L 3G /dev/my_vg/my_lv ---> Reduce LV (EXT4 only)
# lvchange -an /dev/my_vg/my_lv ---> Deactivate LV
# lvchange -ay /dev/my_vg/my_lv ---> Activate LV
# vgreduce --removemissing my_vg ---> Remove missing PVs from VG
# vgchange -ay my_vg ---> Activate VG
# vgchange -an my_vg ---> Deactivate VG
Disk & Filesystem Checks
# fsck /dev/sdb1 ---> Check EXT filesystem
# xfs_repair /dev/sdb1 ---> Repair XFS filesystem
# tune2fs -l /dev/sdb1 ---> View EXT4 filesystem info
# dumpe2fs /dev/sdb1 ---> Dump EXT2/3/4 superblock info
# df -hT ---> Show filesystem type and usage
# du -sh /data/* ---> Directory usage summary
# lsblk -f ---> Filesystem type and label
# mount | grep /data ---> Confirm mounted filesystems
# blkid | grep /dev/sdb1 ---> Confirm UUID
OS Patching & Package Management (YUM/DNF)
# yum check-update ---> Check available updates
# yum repolist enabled ---> List enabled repositories
# yum clean all ---> Clean yum cache
# yum install --downloadonly --downloaddir=/tmp package_name ---> Download package only without installing
# yum history undo <transaction_id> ---> Rollback package update/installation
# yum history ---> View yum transaction history
# yum install package_name ---> Install package
# yum remove package_name ---> Remove package
# yum update ---> Update all packages
# yum list installed ---> List installed packages
# yum info package_name ---> Show package information
# dnf check-update ---> Check available updates
# dnf repolist enabled ---> List enabled repositories
# dnf clean all ---> Clean DNF cache
# dnf install package_name ---> Install package
# dnf remove package_name ---> Remove package
# dnf update ---> Update all packages
# dnf list installed ---> List installed packages
# dnf info package_name ---> Show package information
# dnf history ---> View DNF transaction history
# dnf history rollback <ID> ---> Rollback DNF transaction
# rpm -ivh package.rpm ---> Install RPM package manually
# rpm -Uvh package.rpm ---> Upgrade RPM package manually
# rpm -e package_name ---> Remove RPM package manually
# rpm -qa ---> List all installed RPM packages
# rpm -qi package_name ---> Show installed package info
# rpm -ql package_name ---> List files installed by package
# rpm -qf /path/to/file ---> Show which package a file belongs to
SELinux Management
# sestatus ---> Show SELinux status
# getenforce ---> Show current SELinux mode (Enforcing, Permissive, Disabled)
# setenforce 0 ---> Temporarily set SELinux to permissive mode
# setenforce 1 ---> Temporarily set SELinux to enforcing mode
# semanage port -l ---> List SELinux port policies
# semanage fcontext -l ---> List SELinux file contexts
# restorecon -v /file ---> Restore SELinux default context for file/directory
# chcon -t type /file ---> Change SELinux file context temporarily
# seinfo -t ---> Display SELinux types
# sesearch -s source_t -t target_t -c class -p permission ---> Search SELinux rules
# /etc/selinux/config ---> SELinux configuration file (permanent mode)
Firewall Management (Firewalld – Extended)
Firewall Service Control
# systemctl start firewalld ---> Start firewalld service
# systemctl stop firewalld ---> Stop firewalld service
# systemctl restart firewalld ---> Restart firewalld service
# systemctl enable firewalld ---> Enable firewalld at boot
# systemctl disable firewalld ---> Disable firewalld at boot
# systemctl status firewalld ---> Show firewalld status
Basic Firewall Status & Zones
# firewall-cmd --state ---> Check if firewall is running
# firewall-cmd --get-default-zone ---> Show default zone
# firewall-cmd --set-default-zone=public ---> Set default zone
# firewall-cmd --get-zones ---> List all available zones
# firewall-cmd --get-active-zones ---> Show active zones
# firewall-cmd --zone=public --list-all ---> Show all settings of public zone
# firewall-cmd --list-all-zones ---> Show configuration of all zones
Port Management
# firewall-cmd --add-port=8080/tcp ---> Open port temporarily
# firewall-cmd --remove-port=8080/tcp ---> Remove temporary port
# firewall-cmd --permanent --add-port=8080/tcp ---> Open port permanently
# firewall-cmd --permanent --remove-port=8080/tcp ---> Remove permanent port
# firewall-cmd --list-ports ---> List open ports in active zone
# firewall-cmd --reload ---> Reload firewall rules
Service Management (HTTP, HTTPS, SSH, etc.)
# firewall-cmd --get-services ---> List all predefined services
# firewall-cmd --add-service=http ---> Allow HTTP temporarily
# firewall-cmd --remove-service=http ---> Remove temporary HTTP access
# firewall-cmd --permanent --add-service=https ---> Allow HTTPS permanently
# firewall-cmd --permanent --remove-service=https ---> Remove HTTPS permanently
# firewall-cmd --list-services ---> List allowed services
Rich Rules (Advanced Rules)
# firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.10" accept'
---> Allow specific IP
# firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.10" port port="22" protocol="tcp" accept'
---> Allow SSH from specific IP
# firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.20" drop'
---> Block specific IP
# firewall-cmd --list-rich-rules ---> List rich rules
# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.5" drop'
---> Add permanent rich rule
Source IP & Interface Binding
# firewall-cmd --zone=public --add-source=192.168.1.0/24
---> Add source network to zone
# firewall-cmd --zone=public --remove-source=192.168.1.0/24
---> Remove source network
# firewall-cmd --zone=public --add-interface=eth0 ---> Bind interface to zone
# firewall-cmd --zone=public --remove-interface=eth0 ---> Remove interface from zone
# firewall-cmd --get-zone-of-interface=eth0 ---> Check zone of interface
Forwarding & Masquerading (NAT)
# firewall-cmd --add-masquerade ---> Enable NAT temporarily
# firewall-cmd --permanent --add-masquerade ---> Enable NAT permanently
# firewall-cmd --remove-masquerade ---> Disable NAT
# firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
---> Forward port 80 to 8080
# firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toaddr=192.168.1.10
---> Forward port to another IP
# firewall-cmd --list-forward-ports ---> List port forwarding rules
Direct Rules (Low-Level iptables rules)
# firewall-cmd --direct --get-all-rules ---> Show direct rules
# firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 9090 -j ACCEPT
---> Add direct rule
# firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp --dport 9090 -j ACCEPT
---> Remove direct rule
Lockdown Mode
# firewall-cmd --lockdown-on ---> Enable lockdown mode
# firewall-cmd --lockdown-off ---> Disable lockdown mode
# firewall-cmd --query-lockdown ---> Check lockdown status
Panic Mode (Emergency Block All Traffic)
# firewall-cmd --panic-on ---> Block all incoming/outgoing traffic
# firewall-cmd --panic-off ---> Disable panic mode
# firewall-cmd --query-panic ---> Check panic mode status
Runtime vs Permanent Configuration
# firewall-cmd --runtime-to-permanent ---> Save runtime rules to permanent
# firewall-cmd --reload ---> Apply permanent rules
# firewall-cmd --complete-reload ---> Reload firewall completely
Backup & Restore
# tar -cvf backup.tar /path/to/dir ---> Create tar archive
# tar -xvf backup.tar ---> Extract tar archive
# tar -czvf backup.tar.gz /path/to/dir ---> Create compressed gzip tar archive
# tar -xzvf backup.tar.gz ---> Extract gzip tar archive
# rsync -av /source /destination ---> Sync files/directories (preserve permissions)
# rsync -av --delete /source /destination ---> Mirror source to destination
# dd if=/dev/sda of=/backup/sda.img bs=4M ---> Create disk image backup
# dd if=/backup/sda.img of=/dev/sda bs=4M ---> Restore disk image
# cp -a /source /destination ---> Backup preserving attributes
# dump /dev/sdX /backup/backup_file ---> Backup EXT filesystem (dump command)
# restore -rf /backup/backup_file ---> Restore dump backup
# tar --listed-incremental=/backup/snapshot.file -cvf backup.tar /path ---> Incremental backup
RHEL Cluster Management (Pacemaker / Corosync / DRBD)
# pcs cluster status ---> Show cluster status
# pcs status ---> Show detailed cluster status
# pcs status nodes ---> Show status of all nodes
# pcs cluster start --all ---> Start cluster on all nodes
# pcs cluster stop --all ---> Stop cluster on all nodes
# pcs cluster enable --all ---> Enable cluster at boot
# pcs cluster disable --all ---> Disable cluster at boot
# pcs cluster cib ---> Show cluster configuration (CIB XML)
# pcs cluster reload ---> Reload cluster configuration
# pcs cluster node list ---> List cluster nodes
# pcs node show <node_name> ---> Show detailed node info
# pcs node standby <node_name> ---> Put node in standby
# pcs node online <node_name> ---> Bring node online
# pcs node disable <node_name> ---> Disable node (prevent it joining cluster)
# pcs node enable <node_name> ---> Enable node
Cluster Resource Management
# pcs resource show ---> List all cluster resources
# pcs resource status ---> Show resource status
# pcs resource create <res_name> <res_type> [options] ---> Create a new cluster resource
# pcs resource delete <res_name> ---> Delete a cluster resource
# pcs resource move <res_name> <node_name> ---> Move resource to a specific node
# pcs resource disable <res_name> ---> Disable a resource temporarily
# pcs resource enable <res_name> ---> Enable a resource
# pcs resource cleanup <res_name> ---> Cleanup failed resource state
# pcs resource update <res_name> <option>=<value> ---> Update resource options
# pcs resource show <res_name> ---> Show resource details
Cluster Constraints
# pcs constraint location show ---> Show all location constraints
# pcs constraint location <res_name> prefers <node_name> ---> Assign resource preference to node
# pcs constraint colocation add <res1> with <res2> [INFINITY] ---> Colocate resources
# pcs constraint order show ---> Show all order constraints
# pcs constraint order start <res1> then <res2> ---> Set start order of resources
# pcs constraint order <res1> then <res2> optional ---> Optional order constraint
# pcs constraint delete <constraint_id> ---> Delete a constraint
Cluster Fencing (STONITH)
# pcs stonith show ---> Show fencing devices
# pcs stonith create <fence_name> <fence_type> [options] ---> Create a STONITH device
# pcs stonith delete <fence_name> ---> Delete STONITH device
# pcs stonith enable <fence_name> ---> Enable STONITH device
# pcs stonith disable <fence_name> ---> Disable STONITH device
# pcs stonith status ---> Show fencing status
DRBD / Storage Resources
# drbdadm status ---> Show DRBD device status
# drbdadm create-md <res_name> ---> Create DRBD metadata
# drbdadm up <res_name> ---> Bring DRBD device up
# drbdadm down <res_name> ---> Bring DRBD device down
# drbdadm connect <res_name> ---> Connect DRBD devices
# drbdadm disconnect <res_name> ---> Disconnect DRBD devices
# drbdadm -- --discard-my-data connect <res_name> ---> Force sync DRBD
# drbdadm adjust <res_name> ---> Change DRBD protocol mode (A/C)
# drbdsetup status ---> Show DRBD device status (alternative)
Cluster Logs & Troubleshooting
# journalctl -u pacemaker ---> Show Pacemaker logs
# journalctl -u corosync ---> Show Corosync logs
# pcs cluster cib ---> View cluster configuration (CIB)
# crm_mon -1 ---> Monitor cluster in real-time
# crm_verify -L ---> Verify cluster configuration
# pcs status debug ---> Detailed debug info for cluster
Cluster Maintenance
# pcs cluster stop <node_name> ---> Stop cluster on specific node
# pcs cluster start <node_name> ---> Start cluster on specific node
# pcs resource failcount reset <res_name> ---> Reset fail count for a resource
# pcs property set no-quorum-policy=ignore ---> Ignore quorum temporarily
# pcs property set stonith-enabled=true ---> Enable STONITH
# pcs property set stonith-enabled=false ---> Disable STONITH temporarily
Red Hat Satellite Server Commands:
Satellite Service Management
# satellite-maintain service status ---> Show all Satellite service status
# satellite-maintain service start ---> Start all Satellite services
# satellite-maintain service stop ---> Stop all Satellite services
# satellite-maintain service restart ---> Restart all Satellite services
# satellite-maintain service list ---> List Satellite services
# satellite-maintain health check ---> Perform health check
# satellite-maintain backup /backup_dir ---> Backup Satellite server
# satellite-maintain restore /backup_dir ---> Restore Satellite backup
Foreman Service Management (Core of Satellite)
# systemctl status foreman ---> Check Foreman service
# systemctl status foreman-proxy ---> Check Smart Proxy service
# systemctl status httpd ---> Apache service status
# systemctl status postgresql ---> PostgreSQL status
# systemctl status pulpcore-api ---> Pulp API service
# systemctl status pulpcore-content ---> Pulp content service
# systemctl restart httpd ---> Restart Apache
# systemctl restart foreman ---> Restart Foreman
Hammer CLI (Main Satellite CLI Tool)
Organization & Location
# hammer organization list ---> List organizations
# hammer organization create --name "Org1" ---> Create organization
# hammer location list ---> List locations
# hammer location create --name "DC1" ---> Create location
Lifecycle Environments
# hammer lifecycle-environment list ---> List lifecycle environments
# hammer lifecycle-environment create \
--name Dev --prior Library --organization "Org1"
---> Create lifecycle environment
Content Views
# hammer content-view list ---> List content views
# hammer content-view create --name "RHEL8-CV" \
--organization "Org1" ---> Create content view
# hammer content-view publish \
--name "RHEL8-CV" --organization "Org1" ---> Publish content view
# hammer content-view version promote \
--content-view "RHEL8-CV" \
--to-lifecycle-environment Dev \
--organization "Org1" ---> Promote content view
Repository Management
# hammer repository list --organization "Org1" ---> List repositories
# hammer repository enable \
--organization "Org1" \
--product "Red Hat Enterprise Linux Server" \
--name "RHEL 8 BaseOS RPMs x86_64" ---> Enable repo
# hammer repository synchronize --id <repo_id> ---> Sync repository
Product Management
# hammer product list --organization "Org1" ---> List products
# hammer product create --name "CustomProduct" \
--organization "Org1" ---> Create product
Host Management
# hammer host list ---> List all hosts
# hammer host info --name hostname.example.com ---> Host details
# hammer host delete --name hostname.example.com ---> Delete host
# hammer host update --name host \
--lifecycle-environment Dev ---> Move host to lifecycle
Host Registration
On Client (RHEL System)
# subscription-manager register \
--org="Org1" \
--activationkey="rhel8-key" ---> Register host to Satellite
# subscription-manager status ---> Check subscription status
# subscription-manager repos --list ---> List enabled repos
# subscription-manager attach --auto ---> Auto attach subscription
# subscription-manager unregister ---> Unregister host
# subscription-manager clean ---> Remove old subscription data
Capsule Server Commands
# satellite-installer --scenario capsule \
--foreman-proxy-content-parent-fqdn satellite.example.com
---> Install Capsule
# hammer capsule list ---> List capsules
# hammer capsule content synchronize --id <id> ---> Sync capsule content
# satellite-maintain service status ---> Check capsule services
Sync & Content Management
# hammer repository synchronize --name "RepoName" \
--product "ProductName" \
--organization "Org1" ---> Sync repository
# hammer sync-plan list ---> List sync plans
# hammer sync-plan create --name "DailySync" \
--interval daily --organization "Org1" ---> Create sync plan
Database & Logs
PostgreSQL
# su - postgres
# psql -d foreman ---> Connect to Satellite DB
# \dt ---> List tables
# \q ---> Exit DB
Important Logs
/var/log/foreman/production.log ---> Foreman log
/var/log/httpd/error_log ---> Apache errors
/var/log/pulpcore/ ---> Pulp logs
/var/log/messages ---> System log
Troubleshooting & Maintenance
# satellite-maintain health check ---> Full system check
# satellite-maintain upgrade check ---> Pre-upgrade check
# satellite-maintain packages list ---> List installed packages
# foreman-rake katello:check ---> Check Katello health
# hammer ping ---> Test Satellite API
Upgrade & Patch Management
# satellite-maintain upgrade list ---> Check available upgrades
# satellite-maintain upgrade run ---> Run upgrade
# yum update ---> Update Satellite packages
Enterprise-Level Useful Commands
# hammer task list ---> List background tasks
# hammer task progress --id <task_id> ---> Check task progress
# hammer task resume --id <task_id> ---> Resume failed task
# foreman-rake db:migrate ---> Run DB migration
# foreman-rake tmp:clear ---> Clear cache
RHEL Server – Important Configuration Files:
System & Boot Configuration
/etc/fstab ---> Filesystems mounted at boot
/etc/mtab ---> Currently mounted filesystems (symlink to /proc)
/etc/default/grub ---> GRUB bootloader configuration
/boot/grub2/grub.cfg ---> Generated GRUB configuration file
/etc/sysconfig/grub ---> GRUB environment (older versions)
/etc/hostname ---> System hostname
/etc/hosts ---> Static hostname to IP mapping
/etc/machine-id ---> Unique system identifier
/etc/localtime ---> System timezone
/etc/chrony.conf ---> NTP time synchronization config
User & Authentication Configuration
/etc/passwd ---> User account information
/etc/shadow ---> Encrypted passwords
/etc/group ---> Group definitions
/etc/gshadow ---> Secure group passwords
/etc/login.defs ---> Password & login policy defaults
/etc/default/useradd ---> Default settings for new users
/etc/sudoers ---> Sudo access control
/etc/sudoers.d/ ---> Additional sudo configs
/etc/security/limits.conf ---> User resource limits
/etc/security/limits.d/ ---> Additional limits configs
/etc/pam.d/ ---> PAM authentication modules
/etc/nsswitch.conf ---> Name service switch configuration
/etc/securetty ---> Secure TTY access for root
Network Configuration
RHEL 8/9/10 (NetworkManager based)
/etc/NetworkManager/NetworkManager.conf
/etc/NetworkManager/system-connections/ ---> Interface config files
/etc/resolv.conf ---> DNS configuration
/etc/sysconfig/network ---> Legacy network config
RHEL 7 (Legacy scripts)
/etc/sysconfig/network-scripts/ifcfg-eth0 ---> Interface configuration
/etc/sysconfig/network ---> Networking settings
Other Network Files
/etc/hosts.allow ---> TCP wrapper allow rules
/etc/hosts.deny ---> TCP wrapper deny rules
/etc/services ---> Port-to-service mapping
/etc/ssh/sshd_config ---> SSH server config
/etc/ssh/ssh_config ---> SSH client config
SELinux Configuration
/etc/selinux/config ---> SELinux mode (enforcing/permissive)
/etc/selinux/targeted/ ---> SELinux policy files
/etc/selinux/semanage.conf ---> SELinux management config
Firewall Configuration
/etc/firewalld/firewalld.conf ---> Main firewalld config
/etc/firewalld/zones/ ---> Zone definitions
/etc/firewalld/services/ ---> Custom services
/etc/sysconfig/iptables ---> Legacy iptables config (RHEL 7)
/etc/sysconfig/ip6tables ---> IPv6 firewall rules
System Services & Daemons
/etc/systemd/system/ ---> Custom systemd service files
/usr/lib/systemd/system/ ---> Default system services
/etc/systemd/system/multi-user.target.wants/ ---> Enabled services
/etc/rc.d/rc.local ---> Startup script (legacy)
/etc/sysconfig/ ---> Service-specific configs
Logging Configuration
/etc/rsyslog.conf ---> Main logging config
/etc/rsyslog.d/ ---> Custom log rules
/etc/logrotate.conf ---> Log rotation config
/etc/logrotate.d/ ---> Service log rotation configs
/var/log/messages ---> General system logs
/var/log/secure ---> Authentication logs
/var/log/dmesg ---> Kernel logs
/var/log/boot.log ---> Boot logs
Storage & Filesystem Configuration
/etc/fstab ---> Mount configuration
/etc/lvm/lvm.conf ---> LVM configuration
/etc/mdadm.conf ---> Software RAID config
/etc/crypttab ---> Encrypted filesystem config
/etc/multipath.conf ---> Multipath configuration
/etc/auto.master ---> Autofs main config
/etc/exports ---> NFS export configuration
Package & Repository Configuration
/etc/yum.conf ---> Yum configuration (RHEL 7)
/etc/yum.repos.d/ ---> Repository definitions
/etc/dnf/dnf.conf ---> DNF config (RHEL 8+)
/etc/rhsm/rhsm.conf ---> Subscription Manager config
/etc/pki/rpm-gpg/ ---> GPG keys
Kernel & Performance Tuning
/etc/sysctl.conf ---> Kernel parameter configuration
/etc/sysctl.d/ ---> Custom kernel tuning files
/proc/sys/ ---> Runtime kernel parameters
/etc/security/limits.conf ---> Process limits
/etc/tuned/ ---> Tuned profiles
Cron & Job Scheduling
/etc/crontab ---> System-wide cron jobs
/etc/cron.d/ ---> Additional cron jobs
/etc/cron.daily/ ---> Daily jobs
/etc/cron.hourly/ ---> Hourly jobs
/etc/anacrontab ---> Anacron jobs
Cluster Configuration (Pacemaker/Corosync)
/etc/corosync/corosync.conf ---> Corosync cluster config
/var/lib/pacemaker/cib/cib.xml ---> Cluster information base
/etc/drbd.conf ---> DRBD config
/etc/drbd.d/ ---> DRBD resource files
Satellite Client Configuration (If Registered)
/etc/rhsm/rhsm.conf ---> Subscription config
/etc/pki/consumer/ ---> Consumer certificates
/etc/yum.repos.d/redhat.repo ---> Satellite repo file
RHEL Logs & Troubleshooting Commands:
System Logs (General)
# journalctl ---> View all system logs
# journalctl -xe ---> Show recent errors with details
# journalctl -f ---> Follow logs live
# journalctl -b ---> Show logs from current boot
# journalctl -b -1 ---> Show logs from previous boot
# journalctl --since "1 hour ago" ---> Logs from last hour
# journalctl --since "2026-02-12 10:00:00" ---> Logs from specific time
# journalctl -p err ---> Show only error logs
# journalctl -k ---> Show kernel logs only
Service-Specific Troubleshooting
# systemctl status httpd ---> Check service status
# journalctl -u httpd ---> View logs for specific service
# journalctl -u sshd ---> SSH service logs
# journalctl -u NetworkManager ---> Network logs
# journalctl -u firewalld ---> Firewall logs
# journalctl -u crond ---> Cron logs
# systemctl list-units --failed ---> Show failed services
Boot & Startup Issues
# systemctl --failed ---> List failed units
# journalctl -xb ---> Boot errors only
# dmesg | less ---> Kernel boot messages
# cat /proc/cmdline ---> Kernel boot parameters
# lsblk ---> Check disk detection
# mount ---> Verify mounted filesystems
CPU & Memory Troubleshooting
# top ---> Real-time process monitoring
# htop ---> Advanced process viewer
# ps aux --sort=-%cpu | head ---> Top CPU processes
# ps aux --sort=-%mem | head ---> Top memory processes
# free -h ---> Memory usage
# vmstat 1 5 ---> Memory & CPU stats
# mpstat -P ALL 1 5 ---> Per-CPU usage
# sar -u 1 5 ---> CPU historical stats
Disk & Filesystem Issues
# df -h ---> Disk usage
# df -i ---> Inode usage
# du -sh /* ---> Directory usage
# lsblk ---> List disks
# blkid ---> UUID & filesystem type
# mount | column -t ---> Mounted filesystems
# lsof | grep deleted ---> Open deleted files (disk full issue)
# xfs_repair /dev/sdb1 ---> Repair XFS filesystem
# fsck /dev/sdb1 ---> Check filesystem
Network Troubleshooting
# ip a ---> Check IP address
# ip route ---> Check routing table
# ss -tulnp ---> Check listening ports
# netstat -tulnp ---> Legacy port check
# ping 8.8.8.8 ---> Test connectivity
# traceroute google.com ---> Trace route
# nmcli device status ---> Network status
# tcpdump -i eth0 ---> Capture traffic
# ethtool eth0 ---> Check NIC status
Authentication & Access Issues
# tail -f /var/log/secure ---> Monitor login attempts
# last ---> Last successful logins
# lastb ---> Failed login attempts
# faillog ---> Failed login report
# chage -l username ---> Password expiry info
# getenforce ---> Check SELinux mode
# ausearch -m AVC ---> SELinux denial logs
SELinux Troubleshooting
# sestatus ---> SELinux status
# getenforce ---> Current mode
# setenforce 0 ---> Temporary permissive mode
# audit2why < /var/log/audit/audit.log ---> Explain SELinux denial
# audit2allow -a ---> Generate allow rule
# restorecon -Rv /path ---> Fix SELinux context
Process Troubleshooting
# ps -ef | grep process_name ---> Find process
# pgrep process_name ---> Get PID
# kill -9 <PID> ---> Force kill process
# strace -p <PID> ---> Trace system calls
# lsof -p <PID> ---> Open files by process
# nice -n 10 command ---> Set process priority
# renice -n 5 -p <PID> ---> Change priority
Package & Dependency Issues
# yum history ---> View transaction history
# yum history info <ID> ---> Transaction details
# rpm -qa | grep package_name ---> Check installed package
# rpm -V package_name ---> Verify package integrity
# dnf check ---> Check dependency issues
Kernel & Hardware Troubleshooting
# uname -r ---> Kernel version
# lsmod ---> Loaded kernel modules
# modprobe module_name ---> Load module
# lsusb ---> USB devices
# lspci ---> PCI devices
# free -m ---> RAM check
# cat /proc/cpuinfo ---> CPU details
# smartctl -a /dev/sda ---> Disk health
No comments:
Post a Comment