Skip to content

Instantly share code, notes, and snippets.

@acristoffers

acristoffers/EX200-cheat-sheet.md

Last active February 16, 2026 10:04
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save acristoffers/ae96c5b66d1b2340ba5b85823b5128f8 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save acristoffers/ae96c5b66d1b2340ba5b85823b5128f8 to your computer and use it in GitHub Desktop.
Download ZIP
Things to know for the EX200 (RHCSA) exam
Raw
EX200-cheat-sheet.md

This file contains some commands and configurations you need to know for the EX200 (RHCSA) exam.

It is not exhaustive. Knowledge I consider basic is not here. This is meant to cover the things I don't do frequently enough, so there is a risk I may have forgotten how to do, or things the exam usually asks for and that you better know how to do it by heart.

Table of Contents

Operate Running Systems

Interrupt the boot process to gain access

  • Edit GRUB entry, append init=/bin/bash and replace ro with rw

  • Remount if needed: mount -o remount,rw /

  • Then:

    1. passwd
    2. touch /.autorelabel
    3. exec /sbin/reboot -f

Boot into different targets

  • Check current: systemctl get-default
  • Set multi-user: systemctl set-default multi-user.target
  • Set graphical: systemctl set-default graphical.target
  • Temporary: add systemd.unit= in GRUB

Control services

  • Start/stop: systemctl start|stop service
  • Enable/disable: systemctl enable|disable service
  • Status: systemctl status service
  • Reload: systemctl reload service

Analyze logs

Journal (systemd)

  • View all: journalctl
  • Current boot: journalctl -b
  • Previous boot: journalctl -b -1
  • Service: journalctl -u service
  • Priority (errors+): journalctl -p err
  • Time range: journalctl --since "2026-01-01 10:00" --until "2026-01-01 11:00"
  • Follow: journalctl -f
  • Disk usage: journalctl --disk-usage
  • Vacuum old logs: journalctl --vacuum-time=7d

The configuration file may not exist. A sample one usually exists in /usr/lib/systemd/journald.conf. You can use find /usr -name '*journal*conf' to find it, which will work if the file is in another location. See also man journald.conf.

Persistent journal

  • Check: ls /var/log/journal

  • Enable if missing:

    mkdir -p /var/log/journal
journalctl --flush

Syslog / traditional logs

  • Main log files:

    • /var/log/messages (general)
    • /var/log/secure (auth/sudo/ssh)
    • /var/log/cron (cron)
    • /var/log/maillog

  • View:

    less /var/log/messages
tail -f /var/log/secure

  • Search:

    grep error /var/log/messages
grep sshd /var/log/secure

Application-specific logs

  • Common locations:

    • /var/log/
    • /var/log/appname/
    • /var/log/httpd/ (Apache)
    • /var/log/nginx/
    • /var/lib/containers/storage/overlay-containers/*/userdata/ctr.log

  • Find log files:

    find /var/log -type f | grep app

Rsyslog service

  • Status: systemctl status rsyslog
  • Restart: systemctl restart rsyslog
  • Config: /etc/rsyslog.conf, /etc/rsyslog.d/*.conf

Generate a log entry

  • logger -p user.warn "a warning message"
  • logger -p user.info "an info message"
  • logger -t some-tag "a tagged message"

Log rotation

  • Install logrotate: dnf install logrotate
  • Enable its service systemctl enable --now logrotate
  • Configure in /etc/logrotate.conf

Exam patterns

  • "Find why service X failed":

    journalctl -xeu service

  • "Check login failures":

    journalctl _COMM=sshd
grep "Failed password" /var/log/secure

  • "Check cron errors":

    journalctl -u crond
less /var/log/cron

Manage Software

Manage packages with DNF

  • Install: dnf install pkg
  • Remove: dnf remove pkg
  • Search: dnf search keyword
  • Info: dnf info pkg
  • Update: dnf update
  • Groups: dnf group list/install

Manage repositories

  • List: dnf repolist
  • Add repo file: /etc/yum.repos.d/*.repo
  • Clean cache: dnf clean all

Typical exam .repo file example

Location: /etc/yum.repos.d/exam.repo

[exam-baseos]
name=Exam BaseOS
baseurl=http://content.example.com/rhel9/BaseOS/x86_64/os/
enabled=1
gpgcheck=0

[exam-appstream]
name=Exam AppStream
baseurl=http://content.example.com/rhel9/AppStream/x86_64/os/
enabled=1
gpgcheck=0

This can be scaffolded with dnf config-manager:

dnf config-manager --add-repo file:///var/repo --set-enabled --nogpgcheck

Then edit it and modify as needed.

Verify repository

  • Refresh metadata: dnf makecache

  • Test:

    dnf repolist
dnf install tree

Manage Storage

List and manage disks

  • List: lsblk, blkid
  • Partitions: fdisk /dev/sdX, parted

Create physical volume (LVM)

pvcreate /dev/sdX1
pvdisplay

Create volume group

vgcreate vgdata /dev/sdX1
vgdisplay
  • Extend VG:
vgextend vgdata /dev/sdX2

Create logical volume

  • Standard LV:
lvcreate -n lvdata -L 5G vgdata
  • Use all free space:
lvcreate -n lvdata -l 100%FREE vgdata

Format and mount LV

mkfs.xfs /dev/vgdata/lvdata
mkdir /data
mount /dev/vgdata/lvdata /data
  • Persistent (/etc/fstab):
/dev/vgdata/lvdata  /data  xfs  defaults  0 0

Extend logical volume (online)

  • Extend LV:
lvextend -r -L +2G /dev/vgdata/lvdata

Reduce logical volume (ext4 only, not XFS)

lvreduce -r -L 3G /dev/vgdata/lvdata

Thin provisioning (LVM Thin)

Create thin pool

lvcreate -L 10G -T vgdata/thinpool

Create thin logical volume

lvcreate -V 5G -T vgdata/thinpool -n thinlv
  • Format and mount:
mkfs.xfs /dev/vgdata/thinlv
mount /dev/vgdata/thinlv /thin

Check thin usage

lvs
lvs -a -o +seg_monitor

Remove LVM components

lvremove /dev/vgdata/lvdata
vgremove vgdata
pvremove /dev/sdX1

Create filesystems

  • ext4: mkfs.ext4 /dev/sdX1
  • xfs: mkfs.xfs /dev/sdX1

Mount filesystems

  • Temporary: mount /dev/sdX1 /mnt
  • Permanent: /etc/fstab
  • Test: mount -a

Mount with UUID

  • Find: blkid
  • Use in fstab: UUID=xxx /mnt xfs defaults 0 0

Configure autofs

  • Install: dnf install autofs

  • Enable: systemctl enable --now autofs

  • Master map: /etc/auto.master

  • Example:

    /misc /etc/auto.misc

  • Map file:

    share -fstype=nfs server:/export/share

Automatically mount home directories

  • /etc/auto.master:

      /home /etc/auto.home --timeout 60

  • /etc/auto.home:

      * -fstype=nfs,rw,rsync server:/export/home/&

Manage swap

  • Create file:

    fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

  • Persistent: add to /etc/fstab

/swapfile    swap    swap    defaults    0 0

Manage Files

Permissions

  • View: ls -l

  • Change: chmod 755 file

  • Symbolic: chmod u+x file

  • Owner: chown user:group file

  • Bits:

    chmod ? file Type Affects Description
    u+s SUID executable files the command will run as the file owner user instead of the one invoking it
    g+s SGID folders new files inside the folder inherit the folder's group
    o+t Sticky folders the user can only delete files he owns (useful in conjunction with SGID)

ACLs

  • Set: setfacl -m u:user:rwx file
  • Get: getfacl file

Find files

  • By name: find / -name file
  • By size: find / -size +100M
  • By perm: find / -perm 644
  • By user: find / -user user
  • By time: find / -mtime -1

Links

  • Hard: ln src dest
  • Soft: ln -s src dest

Manage Users and Groups

Users

  • Add: useradd user
  • With its group: useradd -U user
  • With home: useradd -m user
  • Password: passwd user
  • Delete: userdel -r user
  • Modify: usermod -aG group user

Groups

  • Add: groupadd group
  • Delete: groupdel group

Password aging

  • View: chage -l user
  • Set max days: chage -M 90 user
  • Persistent: /etc/login.defs

Default home contents

Add the files/folders to /etc/skel

Networking

Configure networking (nmcli)

You can use nmtui if you want.

  • Show: nmcli dev status

  • Connections: nmcli con show

  • Set IP:

    nmcli con mod eth0 ipv4.method manual ipv4.addresses 192.168.1.10/24 ipv4.gateway 192.168.1.1
nmcli con up eth0

  • DHCP: nmcli con mod eth0 ipv4.method auto

  • Add connection (fixed IPs, with gateway and DNS, both ipv4 and ipv6) (autocomplete is your friend):

nmcli connection add                         \
  con-name static                            \
  type ethernet                              \
  ipv4.addresses 192.178.0.10/24,10.0.0.3/24 \
  ipv4.gateway 192.178.0.1                   \
  ipv4.dns 1.1.1.1                           \
  ipv4.method manual                         \
  ipv6.addresses 'fd01::105/64'              \
  ipv6.gateway 'fd01::1'                     \
  ipv6.method manual

Hostname

  • Set: hostnamectl set-hostname name

Firewall

Firewalld basics

  • Status: firewall-cmd --state
  • Zones: firewall-cmd --get-zones
  • Active: firewall-cmd --get-active-zones

Open ports/services

  • Add service:

    firewall-cmd --add-service=http --permanent
firewall-cmd --reload

  • Add port:

    firewall-cmd --add-port=8080/tcp --permanent
firewall-cmd --reload

  • List: firewall-cmd --list-all

httpd on non-standard port (firewall)

Example: run Apache on port 8081

  1. Open firewall port:

    firewall-cmd --add-port=8081/tcp --permanent
firewall-cmd --reload

  2. Verify:

    firewall-cmd --list-ports

File Sharing

NFS Server

  • Install: dnf install nfs-utils

  • Enable: systemctl enable --now nfs-server

  • Export file: /etc/exports

    /share 192.168.1.0/24(rw,sync,no_root_squash)
/share *(rw,sync,no_root_squash)

  • Apply: exportfs -r

  • Check: exportfs -v

NFS Client

  • Mount:

    mount server:/share /mnt

  • Persistent (fstab):

    server:/share /mnt nfs defaults 0 0

SELinux

Status

  • Get: getenforce
  • Set temp: setenforce 0|1 (Attention! You cannot do this in the exam!)

Contexts

  • View: ls -Z

  • Restore: restorecon -Rv /path

  • List: semanage fcontext -l

  • Change:

    semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
restorecon -Rv /web

Booleans

  • List: getsebool -a
  • Set: setsebool -P httpd_enable_homedirs on

httpd on non-standard port (SELinux)

Example: allow Apache on port 8081

  1. Check current ports:

    semanage port -l | grep http

  2. Add new port:

    semanage port -a -t http_port_t -p tcp 8081

  3. Verify:

    semanage port -l | grep 8081

  4. Restart service:

    systemctl restart httpd

Containers (Podman)

It appears to have been removed from the exam.

Basic usage

  • Search: podman search image
  • Pull: podman pull image
  • Run: podman run -d -p 8080:80 image
  • List: podman ps -a
  • Stop: podman stop id
  • Remove: podman rm id

Rootless containers

  • User service:

    loginctl enable-linger user
systemctl --user enable podman.socket

Scheduling

Cron

  • Edit: crontab -e
  • List: crontab -l
  • System: /etc/crontab
  • Format: minute hour day_of_month month day_of_week command
    • * means every value in that field (e.g., * * * * * runs every minute).
    • , separates multiple values (e.g., 0,15,30,45 * * * * runs every 15 minutes).
    • - defines a range (e.g., 0-5 8 * * * runs every minute from 8:00 to 8:05).
    • */n means every n units (e.g., */5 * * * * runs every 5 minutes).
    • L means the last day of the month (e.g., 0 0 L * * runs at midnight on the last day of the month).

See man 5 crontab for more information.

At

  • One-time: at now + 10 minutes
  • List: atq
  • Remove: atrm id

It gets the command from stdin: at now + 1 minute <<<'logger -p emerg "hello from at"'

Archives and Compression

Tar

  • Create: tar -cvf a.tar dir
  • Extract: tar -xvf a.tar
  • Compression: tar -caf a.tar.gz dir

System Monitoring

Resource usage

  • CPU/mem: top, htop
  • Disk: df -h, du -sh *
  • IO: iostat, vmstat
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment