adminCtrlX – Simplifying System Administration

Solaris health check script run from remote jump server

Make sure you can SSH into these hosts passwordlessly (using SSH keys).
Example:
Jump server : [root@inddcpjmp01 solaris]# ./solaris_health_check.sh indsuntst01

1. Remote Health Check Script (solaris_health_check.sh)

[root@inddcpjmp01 solaris]# cat solaris_health_check.sh

#!/bin/bash

# ===================================================================

# Solaris Health Check Script (Formatted Log Version)

# Author: Tasleem Ahmed Khan

# Version: 1.0

# ===================================================================

# Usage: ./solaris_health_check.sh <server1> [server2] [server3] ...

# Description: Performs complete health check of Solaris servers

# and writes clean, structured log files.

# ===================================================================

if [ $# -lt 1 ]; then

echo "Usage: $0 <server1> [server2] [server3] ..."

exit 1

timestamp=$(date +'%Y%m%d_%H%M%S')

log_dir="health_logs"

mkdir -p "$log_dir"

# ===================================================================

# Function: perform_health_check

# ===================================================================

perform_health_check() {

local server=$1

local logfile="${log_dir}/${server}_health_${timestamp}.log"

echo "=============================================================" | tee "$logfile"

echo " SOLARIS HEALTH CHECK REPORT" | tee -a "$logfile"

echo "=============================================================" | tee -a "$logfile"

echo " Server Name : $server" | tee -a "$logfile"

echo " Date & Time : $(date)" | tee -a "$logfile"

echo " Log File : $logfile" | tee -a "$logfile"

echo "=============================================================" | tee -a "$logfile"

ssh -o ConnectTimeout=10 "$server" bash <<'EOF' >> "$logfile" 2>&1

echo

echo "==================== SYSTEM INFORMATION ===================="

hostname=$(hostname)

os_version=$(cat /etc/release | head -1)

platform=$(uname -i)

kernel=$(uname -r)

arch=$(uname -p)

uptime_info=$(uptime | sed 's/^[ \t]*//')

echo "Hostname : $hostname"

echo "OS Version : $os_version"

echo "Platform : $platform"

echo "Kernel Version : $kernel"

echo "Architecture : $arch"

echo "Uptime : $uptime_info"

echo

# ------------------- CPU INFO -------------------

echo "==================== CPU INFORMATION ======================="

total_cpu=$(psrinfo | wc -l)

mpstat_out=$(mpstat 1 2 | tail -1)

idle_cpu=$(echo "$mpstat_out" | awk '{print $NF}')

used_cpu=$(echo "scale=2; 100 - $idle_cpu" | bc)

echo "Total CPU Cores : $total_cpu"

echo "CPU Used (%) : $used_cpu"

echo "CPU Free (%) : $idle_cpu"

echo "CPU Model Info :"

psrinfo -pv | sed 's/^/ /'

echo

# ------------------- MEMORY INFO -------------------

echo "==================== MEMORY INFORMATION ===================="

total_mem=$(prtconf | grep "Memory size" | awk '{print $3}')

mem_line=$(vmstat 1 2 | tail -1)

free_pages=$(echo "$mem_line" | awk '{print $5}')

pagesize=$(pagesize)

free_mem=$(echo "$free_pages * $pagesize / 1024 / 1024" | bc)

used_mem=$(echo "$total_mem - $free_mem" | bc)

echo "Total Memory (MB): $total_mem"

echo "Used Memory (MB) : $used_mem"

echo "Free Memory (MB) : $free_mem"

echo

# ------------------- DISK INFO -------------------

echo "==================== DISK INFORMATION ======================"

total_disk=$(df -k | awk 'NR>1 {sum+=$2} END {print sum/1024/1024}')

used_disk=$(df -k | awk 'NR>1 {sum+=$3} END {print sum/1024/1024}')

free_disk=$(df -k | awk 'NR>1 {sum+=$4} END {print sum/1024/1024}')

echo "Total Disk (GB): $total_disk"

echo "Used Disk (GB) : $used_disk"

echo "Free Disk (GB) : $free_disk"

echo

echo "--- Disk Usage Details ---"

df -h | awk '{printf " %-35s %-10s %-10s %-10s %-10s\n", $1,$2,$3,$4,$5}'

echo

# ------------------- LOAD & PROCESSES -------------------

echo "==================== SERVER LOAD & PROCESSES ==============="

load_avg=$(uptime | awk -F'load average: ' '{print $2}')

process_count=$(ps -ef | wc -l)

echo "Load Average : $load_avg"

echo "Running Processes : $process_count"

echo

echo "--- Top 10 CPU-Consuming Processes ---"

ps -eo pid,ppid,comm,vsz,pcpu | sort -k 4 -r | head -n 11

echo

echo "--- Top 10 Memory-Consuming Processes ---"

ps -eo pid,ppid,comm,pmem,pcpu | sort -r -n -k5 | head -n 11

echo

# ------------------- NETWORK INFO -------------------

echo "==================== NETWORK INFORMATION =================="

echo "--- Interface & IP Details ---"

ifconfig -a

echo

echo "--- Routing Table ---"

netstat -rn

echo

echo "--- Open Ports ---"

netstat -an | grep LISTEN | awk '{print $1, $4, $6}'

echo

echo "--- Active TCP Connections (Top 15) ---"

netstat -an | grep ESTABLISHED | head -n 15

echo

# ------------------- FILESYSTEM / ZFS -------------------

echo "==================== FILESYSTEM / ZFS STATUS ==============="

if command -v zpool >/dev/null 2>&1; then

echo "--- ZFS Pool Summary ---"

zpool list

echo

echo "--- ZFS Detailed Status ---"

zpool status

else

echo "ZFS not installed or not available."

echo

# ------------------- SERVICES & HARDWARE -------------------

echo "==================== SERVICES & HARDWARE =================="

echo "--- SMF Services Status ---"

svcs -xv

echo

echo "--- Hardware Diagnostics ---"

if command -v prtdiag >/dev/null 2>&1; then

prtdiag -v

else

echo "prtdiag not available."

echo

echo "--- Failed Services (if any) ---"

svcs -xv | grep -i "maintenance"

echo

EOF

echo

echo "Health check completed for $server"

echo "Log saved at: $logfile"

echo "-------------------------------------------------------------"

}

# ===================================================================

# Main Loop

# ===================================================================

for server in "$@"; do

echo "Running health check on $server..."

perform_health_check "$server"

done

echo

echo "============================================================="

echo "All health checks completed. Logs saved under: $log_dir"

echo "============================================================="

[root@inddcpjmp01 solaris]#

2. Example Output:

[root@inddcpjmp01 solaris]# ./solaris_health_check.sh indsuntst01

Running health check on indsuntst01...

=============================================================

SOLARIS HEALTH CHECK REPORT

=============================================================

Server Name : indsuntst01

Date & Time : Sunday 26 October 2025 01:15:10 PM IST

Log File : health_logs/indsuntst01_health_20251026_131510.log

=============================================================

Health check completed for indsuntst01

Log saved at: health_logs/indsuntst01_health_20251026_131510.log

-------------------------------------------------------------

=============================================================

All health checks completed. Logs saved under: health_logs

=============================================================

[root@inddcpjmp01 solaris]#

More details output:

[root@inddcpjmp01 solaris]# cat health_logs/indsuntst01_health_20251026_131510.log

=============================================================

SOLARIS HEALTH CHECK REPORT

=============================================================

Server Name : indsuntst01

Date & Time : Sunday 26 October 2025 01:15:10 PM IST

Log File : health_logs/indsuntst01_health_20251026_131510.log

=============================================================

==================== SYSTEM INFORMATION ====================

Hostname : indsuntst01

OS Version : Oracle Solaris 11.4 X86

Platform : i86pc

Kernel Version : 5.11

Architecture : i386

Uptime : 6:45pm up 37 min(s), 1 user, load average: 0.00, 0.00, 0.01

==================== CPU INFORMATION =======================

Total CPU Cores : 2

CPU Used (%) : 0

CPU Free (%) : 100

CPU Model Info :

The physical processor has 2 virtual processors (0-1)

x86 (AuthenticAMD 870F10 family 23 model 113 step 0 clock 3593 MHz)

AMD Ryzen 7 3700X 8-Core Processor

==================== MEMORY INFORMATION ====================

Total Memory (MB): 4096

Used Memory (MB) : -6293

Free Memory (MB) : 10389

==================== DISK INFORMATION ======================

Total Disk (GB): 254.553

Used Disk (GB) : 5.51858

Free Disk (GB) : 178.873

--- Disk Usage Details ---

Filesystem Size Used Available Capacity

rpool/ROOT/solaris 19G 2.7G 13G 17%

rpool/ROOT/solaris/var 19G 181M 13G 2%

/devices 0K 0K 0K 0%

/dev 0K 0K 0K 0%

ctfs 0K 0K 0K 0%

proc 0K 0K 0K 0%

mnttab 0K 0K 0K 0%

swap 3.4G 6.5M 3.4G 1%

swap 3.4G 4K 3.4G 1%

objfs 0K 0K 0K 0%

sharefs 0K 0K 0K 0%

fd 0K 0K 0K 0%

/usr/lib/libc/libc_hwcap2.so.1 16G 2.7G 13G 17%

rpool/VARSHARE 19G 2.8M 13G 1%

rpool/VARSHARE/tmp 19G 31K 13G 1%

rpool/VARSHARE/kvol 19G 31K 13G 1%

rpool/VARSHARE/zones 19G 31K 13G 1%

rpool/export 19G 32K 13G 1%

rpool/export/home 19G 37K 13G 1%

rpool 19G 4.3M 13G 1%

rpool/VARSHARE/pkg 19G 32K 13G 1%

rpool/VARSHARE/pkg/repositories 19G 31K 13G 1%

rpool/VARSHARE/sstore 19G 2.9M 13G 1%

==================== SERVER LOAD & PROCESSES ===============

Load Average : oad average: 0.00, 0.00, 0.01

Running Processes : 80

--- Top 10 CPU-Consuming Processes ---

831 1 /usr/lib/devchassis/devchassisd 4492 0.0

784 762 /usr/lib/hal/hald-addon-storage 4252 0.0

867 861 /usr/apache2/2.4/bin/rotatelogs 3752 0.0

863 861 /usr/apache2/2.4/bin/rotatelogs 3752 0.0

1051 1 /usr/lib/fm/notify/smtp-notify 12316 0.0

1048 1 /usr/lib/fm/notify/asr-notify 12380 0.0

773 762 /usr/lib/hal/hald-addon-acpi 5804 0.0

1044 1 /usr/lib/sstore/bin/sysstatd 27544 0.0

812 1 /usr/lib/sstore/bin/sstored 195660 0.1

313 1 /usr/lib/devfsadm/devfsadmd 15172 0.0

279 1 /usr/lib/sysevent/syseventd 11532 0.0

--- Top 10 Memory-Consuming Processes ---

1656 1653 bash 0.1 0.1

1653 627 /usr/lib/ssh/sshd 0.2 0.1

812 1 /usr/lib/sstore/bin/sstored 4.3 0.1

1723 1656 head 0.0 0.0

1722 1656 sort 0.1 0.0

1721 1656 ps 0.1 0.0

1460 1457 -bash 0.1 0.0

1457 627 /usr/lib/ssh/sshd 0.2 0.0

1118 1 /usr/lib/inet/sendmail 0.1 0.0

1115 1 /usr/lib/inet/sendmail 0.1 0.0

1095 1 /usr/sbin/dhcpagent 0.2 0.0

==================== NETWORK INFORMATION ==================

--- Interface & IP Details ---

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1

inet 127.0.0.1 netmask ff000000

net0: flags=100001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,PHYSRUNNING> mtu 1500 index 2

inet 192.168.10.245 netmask ffffff00 broadcast 192.168.10.255

ether 0:c:29:b0:45:66

lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1

inet6 ::1/128

net0: flags=120002004841<UP,RUNNING,MULTICAST,DHCP,IPv6,PHYSRUNNING> mtu 1500 index 2

inet6 fe80::20c:29ff:feb0:4566/10

ether 0:c:29:b0:45:66

--- Routing Table ---

Routing Table: IPv4

Destination Gateway Flags Ref Use Interface

-------------------- -------------------- ----- ----- ---------- ---------

default 192.168.10.1 UG 1 0

127.0.0.1 127.0.0.1 UH 2 58 lo0

192.168.10.0 192.168.10.245 U 6 1059 net0

Routing Table: IPv6

Destination/Mask Gateway Flags Ref Use If

--------------------------- --------------------------- ----- --- ------- -----

::1 ::1 UH 2 14 lo0

fe80::/10 fe80::20c:29ff:feb0:4566 U 2 0 net0

--- Open Ports ---

127.0.0.1.5999 0 0

*.22 0 0

127.0.0.1.631 0 0

*.111 0 0

*.515 0 0

*.6787 0 0

127.0.0.1.4999 0 0

127.0.0.1.25 0 0

127.0.0.1.587 0 0

::1.5999 0 0

*.22 0 0

::1.631 0 0

*.111 0 0

*.515 0 0

*.6787 0 0

::1.25 0 0

--- Active TCP Connections (Top 15) ---

192.168.10.245.22 192.168.10.105.51866 63488 0 256296 0 ESTABLISHED

192.168.10.245.22 192.168.10.105.35844 84480 0 256296 0 ESTABLISHED

==================== FILESYSTEM / ZFS STATUS ===============

--- ZFS Pool Summary ---

NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT

rpool 19.6G 6.08G 13.5G 30% 1.00x ONLINE -

--- ZFS Detailed Status ---

pool: rpool

state: ONLINE

scan: none requested

config:

NAME STATE READ WRITE CKSUM

rpool ONLINE 0 0 0

c2t0d0 ONLINE 0 0 0

errors: No known data errors

==================== SERVICES & HARDWARE ==================

--- SMF Services Status ---

svc:/network/ntp:default (Network Time Protocol (NTP) Version 4)

State: maintenance since Sun Oct 26 18:08:38 2025

Reason: Start method exited with $SMF_EXIT_ERR_CONFIG.

See: http://support.oracle.com/msg/SMF-8000-KS

See: man -M /usr/share/man -s 4 ntp.conf

See: man -M /usr/share/man -s 8 ntpd

See: man -M /usr/share/man -s 8 ntpq

See: /var/svc/log/network-ntp:default.log

Impact: This service is not running.

--- Hardware Diagnostics ---

System Configuration: VMware, Inc. VMware Virtual Platform

BIOS Configuration: Phoenix Technologies LTD 6.00 11/12/2020

==== Processor Sockets ====================================

Version Location Tag

-------------------------------- --------------------------

AMD Ryzen 7 3700X 8-Core Processor CPU #001

==== Memory Device Sockets ================================

Type Status Set Device Locator Bank Locator

----------- ------ --- ------------------- ----------------

DRAM in use 0 RAM slot #0 RAM slot #0

DRAM empty 0 RAM slot #1 RAM slot #1

DRAM empty 0 RAM slot #2 RAM slot #2

DRAM empty 0 RAM slot #3 RAM slot #3

DRAM empty 0 RAM slot #4 RAM slot #4

DRAM empty 0 RAM slot #5 RAM slot #5

DRAM empty 0 RAM slot #6 RAM slot #6

DRAM empty 0 RAM slot #7 RAM slot #7

DRAM empty 0 RAM slot #8 RAM slot #8

DRAM empty 0 RAM slot #9 RAM slot #9

DRAM empty 0 RAM slot #10 RAM slot #10

DRAM empty 0 RAM slot #11 RAM slot #11

DRAM empty 0 RAM slot #12 RAM slot #12

DRAM empty 0 RAM slot #13 RAM slot #13

DRAM empty 0 RAM slot #14 RAM slot #14

DRAM empty 0 RAM slot #15 RAM slot #15

DRAM empty 0 RAM slot #16 RAM slot #16

DRAM empty 0 RAM slot #17 RAM slot #17

DRAM empty 0 RAM slot #18 RAM slot #18

DRAM empty 0 RAM slot #19 RAM slot #19

DRAM empty 0 RAM slot #20 RAM slot #20

DRAM empty 0 RAM slot #21 RAM slot #21

DRAM empty 0 RAM slot #22 RAM slot #22

DRAM empty 0 RAM slot #23 RAM slot #23

DRAM empty 0 RAM slot #24 RAM slot #24

DRAM empty 0 RAM slot #25 RAM slot #25

DRAM empty 0 RAM slot #26 RAM slot #26

DRAM empty 0 RAM slot #27 RAM slot #27

DRAM empty 0 RAM slot #28 RAM slot #28

DRAM empty 0 RAM slot #29 RAM slot #29

DRAM empty 0 RAM slot #30 RAM slot #30

DRAM empty 0 RAM slot #31 RAM slot #31

DRAM empty 0 RAM slot #32 RAM slot #32

DRAM empty 0 RAM slot #33 RAM slot #33

DRAM empty 0 RAM slot #34 RAM slot #34

DRAM empty 0 RAM slot #35 RAM slot #35

DRAM empty 0 RAM slot #36 RAM slot #36

DRAM empty 0 RAM slot #37 RAM slot #37

DRAM empty 0 RAM slot #38 RAM slot #38

DRAM empty 0 RAM slot #39 RAM slot #39

DRAM empty 0 RAM slot #40 RAM slot #40

DRAM empty 0 RAM slot #41 RAM slot #41

DRAM empty 0 RAM slot #42 RAM slot #42

DRAM empty 0 RAM slot #43 RAM slot #43

DRAM empty 0 RAM slot #44 RAM slot #44

DRAM empty 0 RAM slot #45 RAM slot #45

DRAM empty 0 RAM slot #46 RAM slot #46

DRAM empty 0 RAM slot #47 RAM slot #47

DRAM empty 0 RAM slot #48 RAM slot #48

DRAM empty 0 RAM slot #49 RAM slot #49

DRAM empty 0 RAM slot #50 RAM slot #50

DRAM empty 0 RAM slot #51 RAM slot #51

DRAM empty 0 RAM slot #52 RAM slot #52

DRAM empty 0 RAM slot #53 RAM slot #53

DRAM empty 0 RAM slot #54 RAM slot #54

DRAM empty 0 RAM slot #55 RAM slot #55

DRAM empty 0 RAM slot #56 RAM slot #56

DRAM empty 0 RAM slot #57 RAM slot #57

DRAM empty 0 RAM slot #58 RAM slot #58

DRAM empty 0 RAM slot #59 RAM slot #59

DRAM empty 0 RAM slot #60 RAM slot #60

DRAM empty 0 RAM slot #61 RAM slot #61

DRAM empty 0 RAM slot #62 RAM slot #62

DRAM empty 0 RAM slot #63 RAM slot #63

other empty 0 NVD #0 NVD #0

other empty 0 NVD #1 NVD #1

other empty 0 NVD #2 NVD #2

other empty 0 NVD #3 NVD #3

other empty 0 NVD #4 NVD #4

other empty 0 NVD #5 NVD #5

other empty 0 NVD #6 NVD #6

other empty 0 NVD #7 NVD #7

other empty 0 NVD #8 NVD #8

other empty 0 NVD #9 NVD #9

other empty 0 NVD #10 NVD #10

other empty 0 NVD #11 NVD #11

other empty 0 NVD #12 NVD #12

other empty 0 NVD #13 NVD #13

other empty 0 NVD #14 NVD #14

other empty 0 NVD #15 NVD #15

other empty 0 NVD #16 NVD #16

other empty 0 NVD #17 NVD #17

other empty 0 NVD #18 NVD #18

other empty 0 NVD #19 NVD #19

other empty 0 NVD #20 NVD #20

other empty 0 NVD #21 NVD #21

other empty 0 NVD #22 NVD #22

other empty 0 NVD #23 NVD #23

other empty 0 NVD #24 NVD #24

other empty 0 NVD #25 NVD #25

other empty 0 NVD #26 NVD #26

other empty 0 NVD #27 NVD #27

other empty 0 NVD #28 NVD #28

other empty 0 NVD #29 NVD #29

other empty 0 NVD #30 NVD #30

other empty 0 NVD #31 NVD #31

other empty 0 NVD #32 NVD #32

other empty 0 NVD #33 NVD #33

other empty 0 NVD #34 NVD #34

other empty 0 NVD #35 NVD #35

other empty 0 NVD #36 NVD #36

other empty 0 NVD #37 NVD #37

other empty 0 NVD #38 NVD #38

other empty 0 NVD #39 NVD #39

other empty 0 NVD #40 NVD #40

other empty 0 NVD #41 NVD #41

other empty 0 NVD #42 NVD #42

other empty 0 NVD #43 NVD #43

other empty 0 NVD #44 NVD #44

other empty 0 NVD #45 NVD #45

other empty 0 NVD #46 NVD #46

other empty 0 NVD #47 NVD #47

other empty 0 NVD #48 NVD #48

other empty 0 NVD #49 NVD #49

other empty 0 NVD #50 NVD #50

other empty 0 NVD #51 NVD #51

other empty 0 NVD #52 NVD #52

other empty 0 NVD #53 NVD #53

other empty 0 NVD #54 NVD #54

other empty 0 NVD #55 NVD #55

other empty 0 NVD #56 NVD #56

other empty 0 NVD #57 NVD #57

other empty 0 NVD #58 NVD #58

other empty 0 NVD #59 NVD #59

other empty 0 NVD #60 NVD #60

other empty 0 NVD #61 NVD #61

other empty 0 NVD #62 NVD #62

other empty 0 NVD #63 NVD #63

==== On-Board Devices =====================================

VMware SVGA II

ES1371

==== Upgradeable Slots ====================================

ID Status Type Description

--- --------- ---------------- ----------------------------

0 unknown ISA ISA Slot J8

0 unknown ISA ISA Slot J9

0 unknown ISA ISA Slot J10

1 in use PCI PCI Slot J11

2 in use PCI PCI Slot J12

3 in use PCI PCI Slot J13

4 available PCI PCI Slot J14

--- Failed Services (if any) ---

State: maintenance since Sun Oct 26 18:08:38 2025

[root@inddcpjmp01 solaris]#

Unix System Administrator

Welcome to TechSysAdm, your go-to blog for practical insights, troubleshooting tips, and best practices in managing mission-critical enterprise systems. Here, we cover everything from AIX, RHEL, SUSE Linux, Solaris, VMware, and Windows servers to enterprise databases and DevOps environments, helping IT professionals optimize performance, ensure reliability, and solve complex system challenges.

Fixing Volume Group ODM Corruption in AIX

In AIX, the ODM (Object Data Manager) stores configuration details of volume groups and logical volumes. If these entries become corrupted or out of sync, system commands may fail or show incorrect volume group information.

1. Gathering ODM data
Use the following script to find LVM data in ODM. Name it as you want. Run it
with one argument, such as LV_NAME. or PV_NAME.
#!/usr/bin/ksh
for class in CuAt CuDv CuDep CuDvDr PdAt PdDv
do
odmget $class | grep -ip $1
done

2. Fixing Non-rootvg Volume Groups

For non-root volume groups, ODM corruption can be corrected by exporting and re-importing the volume group:
# varyoffvg data_vg
# exportvg data_vg
# importvg -y data_vg hdisk#

varyoffvg deactivates the volume group.
exportvg removes ODM entries for the volume group.
importvg recreates the ODM entries from disk metadata.

3. Fixing rootvg ODM Corruption
For the root volume group (rootvg), use the redefinevg command:
# redefinevg rootvg -d hdisk1

This command scans all disks, determines volume group membership, and rebuilds the ODM entries for rootvg.

4. Synchronizing LVM Information
If both ODM and LVM (Logical Volume Manager) information on disk are corrupted, use:
# synclvodm -v myvg

This synchronizes and rebuilds the LVCB (Logical Volume Control Block), the ODM database, and the VGDA (Volume Group Descriptor Areas).

Unix System Administrator

Problems with Importing a Volume Group in AIX

When using the importvg command to bring an existing volume group (VG) into an AIX system, several issues can occur due to system compatibility or disk configuration problems.

1. AIX Version Compatibility
Each version of AIX introduces new LVM features (like large or scalable volume groups).
These features may modify the VGDA (Volume Group Descriptor Area) format.
Older AIX versions may not recognize newer VG formats.
Always ensure the AIX level supports the VG being imported.

2. Disk Availability and PVID Verification
Before running importvg, confirm that all disks in the VG are recognized by AIX and have valid PVIDs (Physical Volume Identifiers) stored in the ODM:
# lspv
If any disk shows “none” under PVID (e.g., hdisk5 none none), fix it using:
# chdev -l hdisk5 -a pv=yes
This reads the PVID from the disk and updates the ODM (only writes a new PVID if none exists).

3. Reconfiguring Disks
If the PVID issue remains, remove and reconfigure the disk:
# rmdev -l hdisk5 -d
# cfgmgr

Unix System Administrator

RHEL Linux ioining to an active directory (AD) domain

Integrating Red Hat Enterprise Linux (RHEL) systems with Active Directory (AD) simplifies centralized authentication, user management, and access control. Using SSSD (System Security Services Daemon), Linux hosts can seamlessly authenticate AD users, manage permissions, and enforce access policies across your enterprise. This guide walks you through joining RHEL 7, 8, 9, or 10 to AD, with detailed steps, troubleshooting tips, and best practices.

Prerequisites

Before starting, ensure your system meets the following requirements:

RHEL Installation: RHEL 7/8/9/10 with root or sudo access.

Network Connectivity: The Linux host must reach AD Domain Controllers (DCs) on these ports:

53 – DNS
88 – Kerberos
389 – LDAP
464 – Kerberos password changes
445 – SMB

DNS: Point /etc/resolv.conf to your AD DCs:

nameserver <DC_IP>

Verify SRV records:

# nslookup -type=SRV _ldap._tcp.example.com

Hostname: Set a fully qualified hostname:

# hostnamectl set-hostname myhost.example.com

# hostnamectl

Update /etc/hosts if short-name resolution is needed.

Time Synchronization: Install chrony or ntp. Sync with DC:

# ntpdate -u <DC_IP>

# chronyc sources

Kerberos authentication fails if clocks drift more than 5 minutes.

AD Account: A user with domain join permissions (Domain Admin or delegated rights).

Firewall: Temporarily disable with:

# systemctl stop firewalld

Install Required Packages

Install the necessary packages using DNF (RHEL 8+) or YUM (RHEL 7):

# sudo dnf install realmd sssd krb5-workstation samba-common-tools oddjob oddjob-mkhomedir adcli openldap-clients sssd-tools

Package Overview:

realmd: Automates domain discovery and joining.
sssd: Manages caching, authentication, and identity lookups.
krb5-workstation: Kerberos tools like kinit.
samba-common-tools: AD utilities such as net ads.
oddjob-mkhomedir: Creates home directories on login.
adcli & openldap-clients: AD enrollment and LDAP queries.

Enable and start the oddjobd service:

# sudo systemctl enable --now oddjobd

Configure Kerberos

Before joining the domain, configure /etc/krb5.conf for encryption types supported by modern AD:

[libdefaults]

default_realm = EXAMPLE.COM

dns_lookup_realm = true

dns_lookup_kdc = true

rdns = false

ticket_lifetime = 24h

renew_lifetime = 7d

[realms]

EXAMPLE.COM = {

kdc = dc.example.com

admin_server = dc.example.com

permitted_enctypes = aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha256-128 rc4-hmac

}

Test Kerberos:

# kinit Administrator

# klist

Discover the AD Domain

Probe your domain to ensure connectivity:

# realm discover example.com

Use --verbose for detailed diagnostics.

If discovery fails, verify DNS, ports, and network connectivity.

Join the Domain

Join the domain using an AD admin account:

# sudo realm join --user=Administrator example.com

Optional Parameters:

--computer-ou="OU=Linux,DC=example,DC=com" – place the host in a specific AD OU.
--automatic-id-mapping=no – use explicit ID mapping.
--verbose – show detailed progress.
For RHEL 7, add --install=/.

Verify the join:

# realm list

Configure SSSD

realm join automatically generates a default /etc/sssd/sssd.conf. Customize if needed:

[sssd]

domains = example.com

config_file_version = 2

services = nss, pam, sudo, autofs, ssh

[domain/example.com]

ad_domain = example.com

krb5_realm = EXAMPLE.COM

realmd_tags = manages-system joined-with-samba

cache_credentials = True

id_provider = ad

auth_provider = ad

chpass_provider = ad

sudo_provider = ad

fallback_homedir = /home/%u@%d

default_shell = /bin/bash

ldap_id_mapping = True

use_fully_qualified_names = True

access_provider = ad

dyndns_update = True

Secure the configuration:

# sudo chmod 600 /etc/sssd/sssd.conf

# sudo systemctl restart sssd

# sss_cache -E

Verification and Testing

Check users/groups:

# id user@example.com

# getent passwd user@example.com

# getent group "Domain Users@example.com"

SSH Login: Home directories are auto-created if oddjob-mkhomedir is installed.

Kerberos Ticket:

# klist

Logs:

# journalctl -u sssd

less /var/log/sssd/*

Grant Sudo Access to AD Users

Create a sudoers file for AD groups:

# sudo tee /etc/sudoers.d/admins <<EOF

%Domain\ Admins@example.com ALL=(ALL) ALL

EOF

Validate syntax:

# visudo -c

AD users in the group can now use sudo without local accounts. Using sudo_provider = ad in SSSD allows dynamic rule management.

Troubleshooting

Join fails: Check DNS (dig SRV _ldap._tcp.example.com), time sync, ports (telnet dc.example.com 389), firewall.
Auth fails: sss_cache -E, systemctl restart sssd, verify /etc/nsswitch.conf has sss for passwd/group.
ID mapping: Set ldap_id_mapping = True or use adcli update for range allocation.
Home dirs: Ensure pam_oddjob_mkhomedir.so in /etc/pam.d/sshd.
Leave domain: realm leave --remove.

Conclusion

Joining RHEL systems to Active Directory with SSSD provides a secure, centralized authentication framework. By following this guide, your Linux hosts can seamlessly integrate into AD environments, simplifying user management and enforcing enterprise access policies.

Unix System Administrator

RHEL Linux CLI All In One

RHEL – User ID & Access Management:

User Management

# useradd username ---> Create new user

# useradd -m username ---> Create user with home directory

# useradd -m -d /home/custom -s /bin/bash user ---> Custom home & shell

# useradd -u 2001 username ---> Create user with specific UID

# useradd -g groupname username ---> Set primary group

# useradd -G group1,group2 username ---> Add secondary groups

# passwd username ---> Set or change password

# usermod username ---> Modify user

# usermod -l newname oldname ---> Rename user

# usermod -d /new/home -m username ---> Change home directory

# usermod -s /bin/sh username ---> Change shell

# usermod -u 3001 username ---> Change UID

# usermod -aG wheel username ---> Add to sudo group

# userdel username ---> Delete user

# userdel -r username ---> Delete user with home directory

Group Management

# groupadd groupname ---> Create group

# groupadd -g 4000 groupname ---> Create group with specific GID

# groupmod -n newname oldname ---> Rename group

# groupmod -g 5000 groupname ---> Change GID

# groupdel groupname ---> Delete group

# gpasswd -a username groupname ---> Add user to group

# gpasswd -d username groupname ---> Remove user from group

# newgrp groupname ---> Switch primary group temporarily

User Information & Verification

# id username ---> Show UID, GID, groups

# id -u username ---> Show UID only

# id -g username ---> Show GID only

# groups username ---> Show user groups

# getent passwd username ---> Get user entry

# getent group groupname ---> Get group entry

# whoami ---> Current logged user

# who ---> Logged-in users

# w ---> Logged-in users with processes

# last ---> Login history

# lastb ---> Failed login attempts

# lastlog ---> Last login of all users

Password & Account Policies

# chage -l username ---> Show password aging info

# chage -M 90 username ---> Set password expiry (90 days)

# chage -m 7 username ---> Minimum days before change

# chage -W 7 username ---> Warning before expiry

# chage -E 2026-12-31 username ---> Set account expiration date

# passwd -l username ---> Lock account

# passwd -u username ---> Unlock account

# passwd -e username ---> Force password change at next login

# faillog ---> Show failed login attempts

# faillog -u username ---> Failed login details for user

Sudo & Privilege Management

# visudo ---> Safely edit sudoers file

# cat /etc/sudoers ---> View sudo config

# ls /etc/sudoers.d/ ---> Additional sudo rules

# usermod -aG wheel username ---> Add to sudo group (RHEL default)

# sudo -l ---> Check allowed sudo commands

File Ownership & Permissions

# chown user file ---> Change file owner

# chown user:group file ---> Change owner & group

# chgrp group file ---> Change group ownership

# chmod 755 file ---> Set rwxr-xr-x permission

# chmod u+x file ---> Add execute for owner

# chmod g-w file ---> Remove write for group

# stat file ---> Show detailed file info

Special Permissions

# chmod 4755 file ---> Set SUID

# chmod 2755 directory ---> Set SGID

# chmod 1777 /shared ---> Set Sticky Bit

# ls -l ---> View special permissions

Access Control Lists (ACL)

# setfacl -m u:username:rwx file ---> Give user rwx access

# setfacl -m g:groupname:rw file ---> Give group access

# getfacl file ---> View ACL

# setfacl -x u:username file ---> Remove ACL

# setfacl -b file ---> Remove all ACLs

Default User Settings

/etc/login.defs ---> Default password policies

/etc/default/useradd ---> Default new user settings

/etc/skel/ ---> Default home directory template

Account Locking & Security

# passwd -S username ---> Password status

# chattr +i file ---> Make file immutable

# chattr -i file ---> Remove immutable

# lsattr file ---> View attributes

# getenforce ---> Check SELinux mode

RHEL – Performance & System Monitoring

CPU Monitoring

# top ---> Real-time CPU & process usage

# htop ---> Advanced interactive monitor

# mpstat -P ALL 1 5 ---> Per-CPU usage (sysstat)

# sar -u 1 5 ---> CPU usage statistics

# uptime ---> Load average

# vmstat 1 5 ---> CPU + memory summary

# ps aux --sort=-%cpu | head ---> Top CPU-consuming processes

# pidstat 1 ---> CPU usage per PID

# lscpu ---> CPU architecture info

Memory Monitoring

# free -h ---> Memory usage (human readable)

# free -m ---> Memory usage in MB

# vmstat 1 5 ---> Memory statistics

# sar -r 1 5 ---> Memory usage history

# ps aux --sort=-%mem | head ---> Top memory processes

# pmap <PID> ---> Memory usage per process

# cat /proc/meminfo ---> Detailed memory info

Disk Usage Monitoring

# df -h ---> Disk usage

# df -i ---> Inode usage

# du -sh * ---> Directory usage

# du -sh /var/* ---> Check large directories

# lsblk ---> List block devices

# blkid ---> Filesystem UUID

# mount | column -t ---> Mounted filesystems

Disk Full Troubleshooting:

# lsof | grep deleted ---> Deleted but open files

Disk I/O Monitoring

# iostat -x 1 5 ---> Extended I/O statistics

# iotop ---> Real-time disk I/O per process

# sar -d 1 5 ---> Disk activity history

# vmstat 1 5 ---> Check I/O wait

Network Monitoring

# ss -tulnp ---> Listening ports

# netstat -tulnp ---> Legacy port check

# ip -s link ---> Network interface stats

# sar -n DEV 1 5 ---> Network usage stats

# ifconfig ---> Interface info (legacy)

# ethtool eth0 ---> NIC details

# tcpdump -i eth0 ---> Capture packets

# nload ---> Network traffic monitor

Process Monitoring

# ps -ef ---> All running processes

# ps aux ---> Process usage

# pgrep process_name ---> Get process PID

# top -p <PID> ---> Monitor specific process

# strace -p <PID> ---> Trace system calls

# lsof -p <PID> ---> Open files by process

# kill -9 <PID> ---> Force kill process

Swap Monitoring

# swapon -s ---> Swap usage

# free -h ---> Check swap usage

# vmstat 1 5 ---> Swap in/out activity

# cat /proc/swaps ---> Swap details

System Load & Uptime

# uptime ---> System uptime & load

# w ---> Logged users + load

# who ---> Logged users

# last ---> Login history

Kernel & Hardware Monitoring

# dmesg | tail ---> Kernel messages

# journalctl -k ---> Kernel logs

# lsmod ---> Loaded modules

# free -m ---> RAM check

# lspci ---> PCI devices

# lsusb ---> USB devices

# smartctl -a /dev/sda ---> Disk health

Performance Historical Data (sysstat package)

# sar -u ---> CPU history

# sar -r ---> Memory history

# sar -d ---> Disk history

# sar -n DEV ---> Network history

# sar -q ---> Load average history

RHEL – Service Management (Systemd):

Basic Service Control

# systemctl start service_name ---> Start a service

# systemctl stop service_name ---> Stop a service

# systemctl restart service_name ---> Restart a service

# systemctl reload service_name ---> Reload configuration (no restart)

# systemctl status service_name ---> Check service status

# systemctl is-active service_name ---> Check if service is running

# systemctl is-enabled service_name ---> Check if service is enabled at boot

Enable / Disable Services at Boot

# systemctl enable service_name ---> Enable service at boot

# systemctl disable service_name ---> Disable service at boot

# systemctl enable --now service_name ---> Enable + start immediately

# systemctl disable --now service_name ---> Disable + stop immediately

Mask / Unmask Services

# systemctl mask service_name ---> Prevent service from starting

# systemctl unmask service_name ---> Allow service to start

List Services

# systemctl list-units --type=service ---> List running services

# systemctl list-units --type=service --all ---> List all services

# systemctl list-unit-files ---> List all service unit files

# systemctl --failed ---> List failed services

View Logs (journalctl)

# journalctl -u service_name ---> Logs for specific service

# journalctl -u service_name -f ---> Follow service logs live

# journalctl -xe ---> Recent errors

# journalctl -b ---> Logs from current boot

# journalctl -b -1 ---> Logs from previous boot

Reload Systemd & Daemon

# systemctl daemon-reload ---> Reload unit files after changes

# systemctl daemon-reexec ---> Restart systemd process

Service Dependencies

# systemctl list-dependencies service_name ---> Show service dependencies

# systemctl show service_name ---> Detailed service properties

Old runlevels replaced by targets.

# systemctl get-default ---> Current default target

# systemctl set-default multi-user.target ---> Set CLI mode

# systemctl set-default graphical.target ---> Set GUI mode

# systemctl isolate multi-user.target ---> Switch target immediately

Service Timeout & Kill

# systemctl kill service_name ---> Kill service process

# systemctl reset-failed service_name ---> Reset failed state

RHEL – Job Scheduling (Cron & Systemd Timers):

Cron Basics

Edit & List Cron Jobs

# crontab -e ---> Edit current user cron jobs

# crontab -l ---> List current user cron jobs

# crontab -r ---> Remove current user cron jobs

# crontab -u username -e ---> Edit another user's cron

Cron Format

* * * * * command

│ │ │ │ │

│ │ │ │ └── Day of week (0–7) (Sun=0 or 7)

│ │ │ └──── Month (1–12)

│ │ └────── Day of month (1–31)

│ └──────── Hour (0–23)

└────────── Minute (0–59)

Cron Examples

0 2 * * * /backup.sh ---> Daily at 2 AM

*/5 * * * * /script.sh ---> Every 5 minutes

0 0 * * 0 /weekly.sh ---> Every Sunday midnight

30 14 1 * * /monthly.sh ---> 1st day of month 2:30 PM

@reboot /startup.sh ---> Run at system boot

System-Wide Cron Locations

/etc/crontab ---> System-wide cron file

/etc/cron.d/ ---> Custom cron jobs

/etc/cron.daily/ ---> Daily jobs

/etc/cron.hourly/ ---> Hourly jobs

/etc/cron.weekly/ ---> Weekly jobs

/etc/cron.monthly/ ---> Monthly jobs

Cron Service Management

# systemctl status crond ---> Check cron service

# systemctl start crond ---> Start cron

# systemctl enable crond ---> Enable at boot

# systemctl restart crond ---> Restart cron

Anacron (For Systems Not Always Running)

/etc/anacrontab ---> Anacron configuration

Systemd Timer Management

# systemctl list-timers ---> List active timers

# systemctl status myjob.timer ---> Check timer status

# systemctl stop myjob.timer ---> Stop timer

# systemctl disable myjob.timer ---> Disable timer

# journalctl -u myjob.service ---> Check job logs

OnCalendar Examples (Systemd)

OnCalendar=*-*-* 02:00:00 ---> Daily at 2 AM

OnCalendar=Mon *-*-* 09:00:00 ---> Every Monday 9 AM

OnCalendar=weekly ---> Weekly

OnCalendar=monthly ---> Monthly

OnCalendar=*-*-01 00:00:00 ---> First of month

Network Management

# nmcli device status ---> Display network info

# nmcli connection show ---> Show network connections

# nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24 ---> Set static IP

# nmcli connection modify eth0 ipv4.gateway 192.168.1.1 ---> Set static gateway

# nmcli connection modify eth0 ipv4.method manual ---> Set static IP method

# nmcli connection up eth0 ---> Bring up network interface

# systemctl restart NetworkManager ---> Restart NetworkManager

# firewall-cmd --state ---> Check firewall status

# firewall-cmd --get-active-zones ---> List firewall zones

# firewall-cmd --permanent --add-port=8080/tcp ---> Open port permanently

# firewall-cmd --reload ---> Reload firewall

# traceroute google.com ---> Test network connection

# ip a ---> Show IP addresses

# ip link ---> Show network interfaces

# ip route ---> Show routing table

# ping 8.8.8.8 ---> Test connectivity

# dig google.com ---> DNS lookup (bind-utils)

# nslookup google.com ---> DNS query (legacy)

# curl -I https://example.com ---> Test HTTP connectivity

# tcpdump -i eth0 ---> Capture network traffic

# ethtool eth0 ---> Show network interface details

# nmcli general status ---> NetworkManager general status

# nmcli networking off/on ---> Turn networking off/on

Check Listening Ports

# ss -lnt ---> TCP listening

# ss -lnu ---> UDP listening

# ss -plant ---> Ports + process

RHEL Storage, Partition, Filesystem & LVM Management

Partition & Filesystem Management

# blkid ---> View partition UUIDs

# lsblk ---> List block devices

# lsblk -f ---> Show filesystem type info

# fdisk -l ---> Show partition table

# parted /dev/sdb print ---> Show GPT/MBR partition info

# parted /dev/sdb mklabel gpt ---> Create GPT partition table

# parted /dev/sdb mkpart primary xfs 1MiB 10GiB ---> Create partition

# mkswap /dev/sdb2 ---> Create swap partition

# swapon /dev/sdb2 ---> Enable swap

# swapoff /dev/sdb2 ---> Disable swap

# echo '/dev/sdb2 swap swap defaults 0 0' | tee -a /etc/fstab ---> Persist swap in fstab

# mkfs.ext4 /dev/sdb1 ---> Format partition with EXT4

# mkfs.xfs /dev/sdb1 ---> Format partition with XFS

# mount /dev/sdb1 /mnt ---> Mount filesystem

# umount /mnt ---> Unmount filesystem

# df -h ---> Check disk usage by mounted partitions

# df -i ---> Check inode usage

# tune2fs -l /dev/sdb1 ---> View EXT filesystem details

# resize2fs /dev/sdb1 10G ---> Resize EXT filesystem

# xfs_growfs /mnt ---> Grow XFS filesystem

# parted /dev/sdb resizepart 1 100GB ---> Resize partition

# partprobe /dev/sdb ---> Inform kernel about partition changes

# stat /file ---> Show file metadata info

# smartctl -a /dev/sdb ---> Check disk SMART health

# ls -l /mnt ---> Check files and permissions

# df -Th ---> Show filesystem type with usage

LVM Management

# pvcreate /dev/sdb1 ---> Create physical volume (PV)

# pvdisplay ---> Display PV details

# pvs ---> List all PVs

# pvremove /dev/sdb1 ---> Remove PV

# vgcreate my_vg /dev/sdb1 ---> Create volume group (VG)

# vgextend my_vg /dev/sdc1 ---> Add PV to VG

# vgreduce my_vg /dev/sdc1 ---> Remove PV from VG

# vgdisplay ---> Display VG details

# vgs ---> List all VGs

# vgremove my_vg ---> Remove VG

# lvcreate -L 5G -n my_lv my_vg ---> Create logical volume (LV)

# lvcreate -l 100%FREE -n data_lv my_vg ---> Use all free space for LV

# lvdisplay ---> Display LV details

# lvs ---> List all LVs

# lvremove /dev/my_vg/my_lv ---> Remove LV

# mkfs.xfs /dev/my_vg/my_lv ---> Format LV with XFS

# mkfs.ext4 /dev/my_vg/my_lv ---> Format LV with EXT4

# mount /dev/my_vg/my_lv /data ---> Mount LV

# umount /data ---> Unmount LV

# echo '/dev/my_vg/my_lv /data xfs defaults 0 0' | tee -a /etc/fstab ---> Persist LV mount

# lvextend -L +5G /dev/my_vg/my_lv ---> Extend LV by 5GB

# xfs_growfs /data ---> Grow XFS filesystem

# resize2fs /dev/my_vg/my_lv ---> Resize EXT filesystem

# lvcreate -L 1G -s -n snap_lv /dev/my_vg/my_lv ---> Create LV snapshot

# lvconvert --merge /dev/my_vg/snap_lv ---> Merge snapshot back

# lvreduce -L 3G /dev/my_vg/my_lv ---> Reduce LV (EXT4 only)

# lvchange -an /dev/my_vg/my_lv ---> Deactivate LV

# lvchange -ay /dev/my_vg/my_lv ---> Activate LV

# vgreduce --removemissing my_vg ---> Remove missing PVs from VG

# vgchange -ay my_vg ---> Activate VG

# vgchange -an my_vg ---> Deactivate VG

Disk & Filesystem Checks

# fsck /dev/sdb1 ---> Check EXT filesystem

# xfs_repair /dev/sdb1 ---> Repair XFS filesystem

# tune2fs -l /dev/sdb1 ---> View EXT4 filesystem info

# dumpe2fs /dev/sdb1 ---> Dump EXT2/3/4 superblock info

# df -hT ---> Show filesystem type and usage

# du -sh /data/* ---> Directory usage summary

# lsblk -f ---> Filesystem type and label

# mount | grep /data ---> Confirm mounted filesystems

# blkid | grep /dev/sdb1 ---> Confirm UUID

OS Patching & Package Management (YUM/DNF)

# yum check-update ---> Check available updates

# yum repolist enabled ---> List enabled repositories

# yum clean all ---> Clean yum cache

# yum install --downloadonly --downloaddir=/tmp package_name ---> Download package only without installing

# yum history undo <transaction_id> ---> Rollback package update/installation

# yum history ---> View yum transaction history

# yum install package_name ---> Install package

# yum remove package_name ---> Remove package

# yum update ---> Update all packages

# yum list installed ---> List installed packages

# yum info package_name ---> Show package information

# dnf check-update ---> Check available updates

# dnf repolist enabled ---> List enabled repositories

# dnf clean all ---> Clean DNF cache

# dnf install package_name ---> Install package

# dnf remove package_name ---> Remove package

# dnf update ---> Update all packages

# dnf list installed ---> List installed packages

# dnf info package_name ---> Show package information

# dnf history ---> View DNF transaction history

# dnf history rollback <ID> ---> Rollback DNF transaction

# rpm -ivh package.rpm ---> Install RPM package manually

# rpm -Uvh package.rpm ---> Upgrade RPM package manually

# rpm -e package_name ---> Remove RPM package manually

# rpm -qa ---> List all installed RPM packages

# rpm -qi package_name ---> Show installed package info

# rpm -ql package_name ---> List files installed by package

# rpm -qf /path/to/file ---> Show which package a file belongs to

SELinux Management

# sestatus ---> Show SELinux status

# getenforce ---> Show current SELinux mode (Enforcing, Permissive, Disabled)

# setenforce 0 ---> Temporarily set SELinux to permissive mode

# setenforce 1 ---> Temporarily set SELinux to enforcing mode

# semanage port -l ---> List SELinux port policies

# semanage fcontext -l ---> List SELinux file contexts

# restorecon -v /file ---> Restore SELinux default context for file/directory

# chcon -t type /file ---> Change SELinux file context temporarily

# seinfo -t ---> Display SELinux types

# sesearch -s source_t -t target_t -c class -p permission ---> Search SELinux rules

# /etc/selinux/config ---> SELinux configuration file (permanent mode)

Firewall Management (Firewalld – Extended)

Firewall Service Control

# systemctl start firewalld ---> Start firewalld service

# systemctl stop firewalld ---> Stop firewalld service

# systemctl restart firewalld ---> Restart firewalld service

# systemctl enable firewalld ---> Enable firewalld at boot

# systemctl disable firewalld ---> Disable firewalld at boot

# systemctl status firewalld ---> Show firewalld status

Basic Firewall Status & Zones

# firewall-cmd --state ---> Check if firewall is running

# firewall-cmd --get-default-zone ---> Show default zone

# firewall-cmd --set-default-zone=public ---> Set default zone

# firewall-cmd --get-zones ---> List all available zones

# firewall-cmd --get-active-zones ---> Show active zones

# firewall-cmd --zone=public --list-all ---> Show all settings of public zone

# firewall-cmd --list-all-zones ---> Show configuration of all zones

Port Management

# firewall-cmd --add-port=8080/tcp ---> Open port temporarily

# firewall-cmd --remove-port=8080/tcp ---> Remove temporary port

# firewall-cmd --permanent --add-port=8080/tcp ---> Open port permanently

# firewall-cmd --permanent --remove-port=8080/tcp ---> Remove permanent port

# firewall-cmd --list-ports ---> List open ports in active zone

# firewall-cmd --reload ---> Reload firewall rules

Service Management (HTTP, HTTPS, SSH, etc.)

# firewall-cmd --get-services ---> List all predefined services

# firewall-cmd --add-service=http ---> Allow HTTP temporarily

# firewall-cmd --remove-service=http ---> Remove temporary HTTP access

# firewall-cmd --permanent --add-service=https ---> Allow HTTPS permanently

# firewall-cmd --permanent --remove-service=https ---> Remove HTTPS permanently

# firewall-cmd --list-services ---> List allowed services

Rich Rules (Advanced Rules)

# firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.10" accept'

---> Allow specific IP

# firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.10" port port="22" protocol="tcp" accept'

---> Allow SSH from specific IP

# firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.20" drop'

---> Block specific IP

# firewall-cmd --list-rich-rules ---> List rich rules

# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.5" drop'

---> Add permanent rich rule

Source IP & Interface Binding

# firewall-cmd --zone=public --add-source=192.168.1.0/24

---> Add source network to zone

# firewall-cmd --zone=public --remove-source=192.168.1.0/24

---> Remove source network

# firewall-cmd --zone=public --add-interface=eth0 ---> Bind interface to zone

# firewall-cmd --zone=public --remove-interface=eth0 ---> Remove interface from zone

# firewall-cmd --get-zone-of-interface=eth0 ---> Check zone of interface

Forwarding & Masquerading (NAT)

# firewall-cmd --add-masquerade ---> Enable NAT temporarily

# firewall-cmd --permanent --add-masquerade ---> Enable NAT permanently

# firewall-cmd --remove-masquerade ---> Disable NAT

# firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080

---> Forward port 80 to 8080

# firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toaddr=192.168.1.10

---> Forward port to another IP

# firewall-cmd --list-forward-ports ---> List port forwarding rules

Direct Rules (Low-Level iptables rules)

# firewall-cmd --direct --get-all-rules ---> Show direct rules

# firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 9090 -j ACCEPT

---> Add direct rule

# firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp --dport 9090 -j ACCEPT

---> Remove direct rule

Lockdown Mode

# firewall-cmd --lockdown-on ---> Enable lockdown mode

# firewall-cmd --lockdown-off ---> Disable lockdown mode

# firewall-cmd --query-lockdown ---> Check lockdown status

Panic Mode (Emergency Block All Traffic)

# firewall-cmd --panic-on ---> Block all incoming/outgoing traffic

# firewall-cmd --panic-off ---> Disable panic mode

# firewall-cmd --query-panic ---> Check panic mode status

Runtime vs Permanent Configuration

# firewall-cmd --runtime-to-permanent ---> Save runtime rules to permanent

# firewall-cmd --reload ---> Apply permanent rules

# firewall-cmd --complete-reload ---> Reload firewall completely

Backup & Restore

# tar -cvf backup.tar /path/to/dir ---> Create tar archive

# tar -xvf backup.tar ---> Extract tar archive

# tar -czvf backup.tar.gz /path/to/dir ---> Create compressed gzip tar archive

# tar -xzvf backup.tar.gz ---> Extract gzip tar archive

# rsync -av /source /destination ---> Sync files/directories (preserve permissions)

# rsync -av --delete /source /destination ---> Mirror source to destination

# dd if=/dev/sda of=/backup/sda.img bs=4M ---> Create disk image backup

# dd if=/backup/sda.img of=/dev/sda bs=4M ---> Restore disk image

# cp -a /source /destination ---> Backup preserving attributes

# dump /dev/sdX /backup/backup_file ---> Backup EXT filesystem (dump command)

# restore -rf /backup/backup_file ---> Restore dump backup

# tar --listed-incremental=/backup/snapshot.file -cvf backup.tar /path ---> Incremental backup

RHEL Cluster Management (Pacemaker / Corosync / DRBD)

# pcs cluster status ---> Show cluster status

# pcs status ---> Show detailed cluster status

# pcs status nodes ---> Show status of all nodes

# pcs cluster start --all ---> Start cluster on all nodes

# pcs cluster stop --all ---> Stop cluster on all nodes

# pcs cluster enable --all ---> Enable cluster at boot

# pcs cluster disable --all ---> Disable cluster at boot

# pcs cluster cib ---> Show cluster configuration (CIB XML)

# pcs cluster reload ---> Reload cluster configuration

# pcs cluster node list ---> List cluster nodes

# pcs node show <node_name> ---> Show detailed node info

# pcs node standby <node_name> ---> Put node in standby

# pcs node online <node_name> ---> Bring node online

# pcs node disable <node_name> ---> Disable node (prevent it joining cluster)

# pcs node enable <node_name> ---> Enable node

Cluster Resource Management

# pcs resource show ---> List all cluster resources

# pcs resource status ---> Show resource status

# pcs resource create <res_name> <res_type> [options] ---> Create a new cluster resource

# pcs resource delete <res_name> ---> Delete a cluster resource

# pcs resource move <res_name> <node_name> ---> Move resource to a specific node

# pcs resource disable <res_name> ---> Disable a resource temporarily

# pcs resource enable <res_name> ---> Enable a resource

# pcs resource cleanup <res_name> ---> Cleanup failed resource state

# pcs resource update <res_name> <option>=<value> ---> Update resource options

# pcs resource show <res_name> ---> Show resource details

Cluster Constraints

# pcs constraint location show ---> Show all location constraints

# pcs constraint location <res_name> prefers <node_name> ---> Assign resource preference to node

# pcs constraint colocation add <res1> with <res2> [INFINITY] ---> Colocate resources

# pcs constraint order show ---> Show all order constraints

# pcs constraint order start <res1> then <res2> ---> Set start order of resources

# pcs constraint order <res1> then <res2> optional ---> Optional order constraint

# pcs constraint delete <constraint_id> ---> Delete a constraint

Cluster Fencing (STONITH)

# pcs stonith show ---> Show fencing devices

# pcs stonith create <fence_name> <fence_type> [options] ---> Create a STONITH device

# pcs stonith delete <fence_name> ---> Delete STONITH device

# pcs stonith enable <fence_name> ---> Enable STONITH device

# pcs stonith disable <fence_name> ---> Disable STONITH device

# pcs stonith status ---> Show fencing status

DRBD / Storage Resources

# drbdadm status ---> Show DRBD device status

# drbdadm create-md <res_name> ---> Create DRBD metadata

# drbdadm up <res_name> ---> Bring DRBD device up

# drbdadm down <res_name> ---> Bring DRBD device down

# drbdadm connect <res_name> ---> Connect DRBD devices

# drbdadm disconnect <res_name> ---> Disconnect DRBD devices

# drbdadm -- --discard-my-data connect <res_name> ---> Force sync DRBD

# drbdadm adjust <res_name> ---> Change DRBD protocol mode (A/C)

# drbdsetup status ---> Show DRBD device status (alternative)

Cluster Logs & Troubleshooting

# journalctl -u pacemaker ---> Show Pacemaker logs

# journalctl -u corosync ---> Show Corosync logs

# pcs cluster cib ---> View cluster configuration (CIB)

# crm_mon -1 ---> Monitor cluster in real-time

# crm_verify -L ---> Verify cluster configuration

# pcs status debug ---> Detailed debug info for cluster

Cluster Maintenance

# pcs cluster stop <node_name> ---> Stop cluster on specific node

# pcs cluster start <node_name> ---> Start cluster on specific node

# pcs resource failcount reset <res_name> ---> Reset fail count for a resource

# pcs property set no-quorum-policy=ignore ---> Ignore quorum temporarily

# pcs property set stonith-enabled=true ---> Enable STONITH

# pcs property set stonith-enabled=false ---> Disable STONITH temporarily

Red Hat Satellite Server Commands:

Satellite Service Management

# satellite-maintain service status ---> Show all Satellite service status

# satellite-maintain service start ---> Start all Satellite services

# satellite-maintain service stop ---> Stop all Satellite services

# satellite-maintain service restart ---> Restart all Satellite services

# satellite-maintain service list ---> List Satellite services

# satellite-maintain health check ---> Perform health check

# satellite-maintain backup /backup_dir ---> Backup Satellite server

# satellite-maintain restore /backup_dir ---> Restore Satellite backup

Foreman Service Management (Core of Satellite)

# systemctl status foreman ---> Check Foreman service

# systemctl status foreman-proxy ---> Check Smart Proxy service

# systemctl status httpd ---> Apache service status

# systemctl status postgresql ---> PostgreSQL status

# systemctl status pulpcore-api ---> Pulp API service

# systemctl status pulpcore-content ---> Pulp content service

# systemctl restart httpd ---> Restart Apache

# systemctl restart foreman ---> Restart Foreman

Hammer CLI (Main Satellite CLI Tool)

Organization & Location

# hammer organization list ---> List organizations

# hammer organization create --name "Org1" ---> Create organization

# hammer location list ---> List locations

# hammer location create --name "DC1" ---> Create location

Lifecycle Environments

# hammer lifecycle-environment list ---> List lifecycle environments

# hammer lifecycle-environment create \

--name Dev --prior Library --organization "Org1"

---> Create lifecycle environment

Content Views

# hammer content-view list ---> List content views

# hammer content-view create --name "RHEL8-CV" \

--organization "Org1" ---> Create content view

# hammer content-view publish \

--name "RHEL8-CV" --organization "Org1" ---> Publish content view

# hammer content-view version promote \

--content-view "RHEL8-CV" \

--to-lifecycle-environment Dev \

--organization "Org1" ---> Promote content view

Repository Management

# hammer repository list --organization "Org1" ---> List repositories

# hammer repository enable \

--organization "Org1" \

--product "Red Hat Enterprise Linux Server" \

--name "RHEL 8 BaseOS RPMs x86_64" ---> Enable repo

# hammer repository synchronize --id <repo_id> ---> Sync repository

Product Management

# hammer product list --organization "Org1" ---> List products

# hammer product create --name "CustomProduct" \

--organization "Org1" ---> Create product

Host Management

# hammer host list ---> List all hosts

# hammer host info --name hostname.example.com ---> Host details

# hammer host delete --name hostname.example.com ---> Delete host

# hammer host update --name host \

--lifecycle-environment Dev ---> Move host to lifecycle

Host Registration

On Client (RHEL System)

# subscription-manager register \

--org="Org1" \

--activationkey="rhel8-key" ---> Register host to Satellite

# subscription-manager status ---> Check subscription status

# subscription-manager repos --list ---> List enabled repos

# subscription-manager attach --auto ---> Auto attach subscription

# subscription-manager unregister ---> Unregister host

# subscription-manager clean ---> Remove old subscription data

Capsule Server Commands

# satellite-installer --scenario capsule \

--foreman-proxy-content-parent-fqdn satellite.example.com

---> Install Capsule

# hammer capsule list ---> List capsules

# hammer capsule content synchronize --id <id> ---> Sync capsule content

# satellite-maintain service status ---> Check capsule services

Sync & Content Management

# hammer repository synchronize --name "RepoName" \

--product "ProductName" \

--organization "Org1" ---> Sync repository

# hammer sync-plan list ---> List sync plans

# hammer sync-plan create --name "DailySync" \

--interval daily --organization "Org1" ---> Create sync plan

Database & Logs

PostgreSQL

# su - postgres

# psql -d foreman ---> Connect to Satellite DB

# \dt ---> List tables

# \q ---> Exit DB

Important Logs

/var/log/foreman/production.log ---> Foreman log

/var/log/httpd/error_log ---> Apache errors

/var/log/pulpcore/ ---> Pulp logs

/var/log/messages ---> System log

Troubleshooting & Maintenance

# satellite-maintain health check ---> Full system check

# satellite-maintain upgrade check ---> Pre-upgrade check

# satellite-maintain packages list ---> List installed packages

# foreman-rake katello:check ---> Check Katello health

# hammer ping ---> Test Satellite API

Upgrade & Patch Management

# satellite-maintain upgrade list ---> Check available upgrades

# satellite-maintain upgrade run ---> Run upgrade

# yum update ---> Update Satellite packages

Enterprise-Level Useful Commands

# hammer task list ---> List background tasks

# hammer task progress --id <task_id> ---> Check task progress

# hammer task resume --id <task_id> ---> Resume failed task

# foreman-rake db:migrate ---> Run DB migration

# foreman-rake tmp:clear ---> Clear cache

RHEL Server – Important Configuration Files:

System & Boot Configuration

/etc/fstab ---> Filesystems mounted at boot

/etc/mtab ---> Currently mounted filesystems (symlink to /proc)

/etc/default/grub ---> GRUB bootloader configuration

/boot/grub2/grub.cfg ---> Generated GRUB configuration file

/etc/sysconfig/grub ---> GRUB environment (older versions)

/etc/hostname ---> System hostname

/etc/hosts ---> Static hostname to IP mapping

/etc/machine-id ---> Unique system identifier

/etc/localtime ---> System timezone

/etc/chrony.conf ---> NTP time synchronization config

User & Authentication Configuration

/etc/passwd ---> User account information

/etc/shadow ---> Encrypted passwords

/etc/group ---> Group definitions

/etc/gshadow ---> Secure group passwords

/etc/login.defs ---> Password & login policy defaults

/etc/default/useradd ---> Default settings for new users

/etc/sudoers ---> Sudo access control

/etc/sudoers.d/ ---> Additional sudo configs

/etc/security/limits.conf ---> User resource limits

/etc/security/limits.d/ ---> Additional limits configs

/etc/pam.d/ ---> PAM authentication modules

/etc/nsswitch.conf ---> Name service switch configuration

/etc/securetty ---> Secure TTY access for root

Network Configuration

RHEL 8/9/10 (NetworkManager based)

/etc/NetworkManager/NetworkManager.conf

/etc/NetworkManager/system-connections/ ---> Interface config files

/etc/resolv.conf ---> DNS configuration

/etc/sysconfig/network ---> Legacy network config

RHEL 7 (Legacy scripts)

/etc/sysconfig/network-scripts/ifcfg-eth0 ---> Interface configuration

/etc/sysconfig/network ---> Networking settings

Other Network Files

/etc/hosts.allow ---> TCP wrapper allow rules

/etc/hosts.deny ---> TCP wrapper deny rules

/etc/services ---> Port-to-service mapping

/etc/ssh/sshd_config ---> SSH server config

/etc/ssh/ssh_config ---> SSH client config

SELinux Configuration

/etc/selinux/config ---> SELinux mode (enforcing/permissive)

/etc/selinux/targeted/ ---> SELinux policy files

/etc/selinux/semanage.conf ---> SELinux management config

Firewall Configuration

/etc/firewalld/firewalld.conf ---> Main firewalld config

/etc/firewalld/zones/ ---> Zone definitions

/etc/firewalld/services/ ---> Custom services

/etc/sysconfig/iptables ---> Legacy iptables config (RHEL 7)

/etc/sysconfig/ip6tables ---> IPv6 firewall rules

System Services & Daemons

/etc/systemd/system/ ---> Custom systemd service files

/usr/lib/systemd/system/ ---> Default system services

/etc/systemd/system/multi-user.target.wants/ ---> Enabled services

/etc/rc.d/rc.local ---> Startup script (legacy)

/etc/sysconfig/ ---> Service-specific configs

Logging Configuration

/etc/rsyslog.conf ---> Main logging config

/etc/rsyslog.d/ ---> Custom log rules

/etc/logrotate.conf ---> Log rotation config

/etc/logrotate.d/ ---> Service log rotation configs

/var/log/messages ---> General system logs

/var/log/secure ---> Authentication logs

/var/log/dmesg ---> Kernel logs

/var/log/boot.log ---> Boot logs

Storage & Filesystem Configuration

/etc/fstab ---> Mount configuration

/etc/lvm/lvm.conf ---> LVM configuration

/etc/mdadm.conf ---> Software RAID config

/etc/crypttab ---> Encrypted filesystem config

/etc/multipath.conf ---> Multipath configuration

/etc/auto.master ---> Autofs main config

/etc/exports ---> NFS export configuration

Package & Repository Configuration

/etc/yum.conf ---> Yum configuration (RHEL 7)

/etc/yum.repos.d/ ---> Repository definitions

/etc/dnf/dnf.conf ---> DNF config (RHEL 8+)

/etc/rhsm/rhsm.conf ---> Subscription Manager config

/etc/pki/rpm-gpg/ ---> GPG keys

Kernel & Performance Tuning

/etc/sysctl.conf ---> Kernel parameter configuration

/etc/sysctl.d/ ---> Custom kernel tuning files

/proc/sys/ ---> Runtime kernel parameters

/etc/security/limits.conf ---> Process limits

/etc/tuned/ ---> Tuned profiles

Cron & Job Scheduling

/etc/crontab ---> System-wide cron jobs

/etc/cron.d/ ---> Additional cron jobs

/etc/cron.daily/ ---> Daily jobs

/etc/cron.hourly/ ---> Hourly jobs

/etc/anacrontab ---> Anacron jobs

Cluster Configuration (Pacemaker/Corosync)

/etc/corosync/corosync.conf ---> Corosync cluster config

/var/lib/pacemaker/cib/cib.xml ---> Cluster information base

/etc/drbd.conf ---> DRBD config

/etc/drbd.d/ ---> DRBD resource files

Satellite Client Configuration (If Registered)

/etc/rhsm/rhsm.conf ---> Subscription config

/etc/pki/consumer/ ---> Consumer certificates

/etc/yum.repos.d/redhat.repo ---> Satellite repo file

RHEL Logs & Troubleshooting Commands:

System Logs (General)

# journalctl ---> View all system logs

# journalctl -xe ---> Show recent errors with details

# journalctl -f ---> Follow logs live

# journalctl -b ---> Show logs from current boot

# journalctl -b -1 ---> Show logs from previous boot

# journalctl --since "1 hour ago" ---> Logs from last hour

# journalctl --since "2026-02-12 10:00:00" ---> Logs from specific time

# journalctl -p err ---> Show only error logs

# journalctl -k ---> Show kernel logs only

Service-Specific Troubleshooting

# systemctl status httpd ---> Check service status

# journalctl -u httpd ---> View logs for specific service

# journalctl -u sshd ---> SSH service logs

# journalctl -u NetworkManager ---> Network logs

# journalctl -u firewalld ---> Firewall logs

# journalctl -u crond ---> Cron logs

# systemctl list-units --failed ---> Show failed services

Boot & Startup Issues

# systemctl --failed ---> List failed units

# journalctl -xb ---> Boot errors only

# dmesg | less ---> Kernel boot messages

# cat /proc/cmdline ---> Kernel boot parameters

# lsblk ---> Check disk detection

# mount ---> Verify mounted filesystems

CPU & Memory Troubleshooting

# top ---> Real-time process monitoring

# htop ---> Advanced process viewer

# ps aux --sort=-%cpu | head ---> Top CPU processes

# ps aux --sort=-%mem | head ---> Top memory processes

# free -h ---> Memory usage

# vmstat 1 5 ---> Memory & CPU stats

# mpstat -P ALL 1 5 ---> Per-CPU usage

# sar -u 1 5 ---> CPU historical stats

Disk & Filesystem Issues

# df -h ---> Disk usage

# df -i ---> Inode usage

# du -sh /* ---> Directory usage

# lsblk ---> List disks

# blkid ---> UUID & filesystem type

# mount | column -t ---> Mounted filesystems

# lsof | grep deleted ---> Open deleted files (disk full issue)

# xfs_repair /dev/sdb1 ---> Repair XFS filesystem

# fsck /dev/sdb1 ---> Check filesystem

Network Troubleshooting

# ip a ---> Check IP address

# ip route ---> Check routing table

# ss -tulnp ---> Check listening ports

# netstat -tulnp ---> Legacy port check

# ping 8.8.8.8 ---> Test connectivity

# traceroute google.com ---> Trace route

# nmcli device status ---> Network status

# tcpdump -i eth0 ---> Capture traffic

# ethtool eth0 ---> Check NIC status

Authentication & Access Issues

# tail -f /var/log/secure ---> Monitor login attempts

# last ---> Last successful logins

# lastb ---> Failed login attempts

# faillog ---> Failed login report

# chage -l username ---> Password expiry info

# getenforce ---> Check SELinux mode

# ausearch -m AVC ---> SELinux denial logs

SELinux Troubleshooting

# sestatus ---> SELinux status

# getenforce ---> Current mode

# setenforce 0 ---> Temporary permissive mode

# audit2why < /var/log/audit/audit.log ---> Explain SELinux denial

# audit2allow -a ---> Generate allow rule

# restorecon -Rv /path ---> Fix SELinux context

Process Troubleshooting

# ps -ef | grep process_name ---> Find process

# pgrep process_name ---> Get PID

# kill -9 <PID> ---> Force kill process

# strace -p <PID> ---> Trace system calls

# lsof -p <PID> ---> Open files by process

# nice -n 10 command ---> Set process priority

# renice -n 5 -p <PID> ---> Change priority

Package & Dependency Issues

# yum history ---> View transaction history

# yum history info <ID> ---> Transaction details

# rpm -qa | grep package_name ---> Check installed package

# rpm -V package_name ---> Verify package integrity

# dnf check ---> Check dependency issues

Kernel & Hardware Troubleshooting

# uname -r ---> Kernel version

# lsmod ---> Loaded kernel modules

# modprobe module_name ---> Load module

# lsusb ---> USB devices

# lspci ---> PCI devices

# free -m ---> RAM check

# cat /proc/cpuinfo ---> CPU details

# smartctl -a /dev/sda ---> Disk health

Unix System Administrator

Pages

Solaris health check script run from remote jump server

Fixing Volume Group ODM Corruption in AIX

Problems with Importing a Volume Group in AIX

RHEL Linux ioining to an active directory (AD) domain

RHEL Linux CLI All In One