LFCA Labs

Linux Foundation Certified IT Associate hands-on labs. System logging, user administration, and container fundamentals aligned with the LFCA exam objectives.

These Labs Cover All Major Linux Certifications

LPI Linux Essentials CompTIA Linux+ (XK0-006) LPIC-1 (101 & 102) LPIC-2 (201 & 202) LPIC-3 (300 / 303 / 305 / 306)
RHCSA (EX200) RHCE (EX294) RHCA LFCS LFCE LFCA CKA CKAD CKS

LFCA Labs - Module 4

System logging & journald, user & group administration, and container basics - core LFCA exam domains.

Lab 10: System Logging & Journald
Intermediate / Terminal + GUI
Scenario: Configure Reliable Logging on a Linux Server
Your security team requires reliable troubleshooting logs on the application server. You must inspect the systemd journal, filter logs by service and priority, enable persistent journal storage, configure rsyslog to capture authentication logs, and verify the logging pipeline. This aligns to core LFCA systems operations objectives.

Learning Objectives:

LFCA - Domain: Systems Operations
  • Journal Inspection: Use journalctl to view and query system logs
  • Log Filtering: Filter logs by unit, priority, and boot session
  • Persistent Storage: Configure journald to persist logs across reboots
  • Rsyslog: Configure rsyslog rules for targeted log files

📋 Step-by-Step Instructions

  1. Step 1: View Recent System Journal Entries
    🎯 Goal: Inspect the systemd journal to see recent system messages

    🔍 What is journalctl?
    journalctl queries the systemd journal - a centralized log store for kernel, services, and applications. The -n flag limits output. --no-pager prints directly to the terminal (best for exams and scripts).

    💻 View last 20 journal entries:
    journalctl -n 20 --no-pager

    💻 View kernel messages only:
    journalctl -k -n 10 --no-pager
    💡 Tip: In the real terminal, you can scroll journal output; in this lab, use tabs + dashboards to review entries quickly.
    📖 Hint: Check the Journal Viewer tab - it turns logs into a searchable dashboard with priority badges.
  2. Step 2: Filter Logs by Service Unit
    🎯 Goal: View logs for a specific systemd service unit

    🔍 Unit filtering:
    -u filters by systemd unit (service). This is the fastest way to troubleshoot one service without scanning the entire journal.

    💻 View SSH daemon logs:
    journalctl -u sshd.service -n 15 --no-pager

    💻 View cron service logs:
    journalctl -u cron.service -n 10 --no-pager
    💡 Tip: Combine -u with time filters like --since "1 hour ago" in real environments.
    ⚠️ Exam Note: LFCA expects you to recognize which component produced a log (kernel vs sshd vs cron) and how to filter for it.
  3. Step 3: Filter by Priority Level
    🎯 Goal: Show only error-level and warning-level messages

    🔍 Priorities:
    Use -p to filter by priority. err focuses on serious problems. Use -b to limit results to the current boot session.

    💻 Show error-level messages and above:
    journalctl -p err -n 20 --no-pager

    💻 Show warnings from the current boot:
    journalctl -p warning -b --no-pager
    💡 Tip: In incident response, you often start with -p err, then widen to warning, then info as needed.
  4. Step 4: Enable Persistent Journal Storage
    🎯 Goal: Persist logs across reboots using /var/log/journal

    🔍 Persistent journald:
    Without persistent storage, logs can be volatile. To enable persistence, create /var/log/journal, set Storage=persistent in /etc/systemd/journald.conf, and restart journald.

    💻 Create persistent journal directory:
    sudo mkdir -p /var/log/journal

    💻 Set Storage=persistent:
    sudo sed -i 's/#Storage=auto/Storage=persistent/' /etc/systemd/journald.conf

    💻 Restart journald:
    sudo systemctl restart systemd-journald
    ⚠️ Warning: Persistent logs consume disk space. In production, also configure a disk usage cap (SystemMaxUse=) and rotation policy.
    📖 Hint: The Syslog Config tab updates instantly when persistence is enabled.
  5. Step 5: Configure Rsyslog for Auth Logs
    🎯 Goal: Capture authentication logs in a dedicated file for security review

    🔍 Why auth logs?
    Authentication events (successful/failed logins, sudo usage) are high-signal security telemetry. A dedicated /var/log/auth.log makes review and forwarding easier.

    💻 Create rsyslog rule:
    echo 'auth,authpriv.* /var/log/auth.log' | sudo tee /etc/rsyslog.d/50-auth.conf

    💻 Restart rsyslog:
    sudo systemctl restart rsyslog
    💡 Tip: Rsyslog rule files load alphabetically. Prefix your custom file so it loads in a predictable order.
  6. Step 6: Verify the Logging Pipeline
    🎯 Goal: Confirm journald persistence and auth log file creation

    💻 Check journal disk usage:
    journalctl --disk-usage

    💻 Verify /var/log/auth.log has entries:
    sudo cat /var/log/auth.log
    🎓 Checkpoint: You can query, filter, persist, and route logs - a real-world LFCA Systems Operations skill.

Linux Terminal

Terminal
Journal Viewer
Syslog Config
Activity Log
sysadmin@logserver:~$
Recent Journal Entries
TimestampPriorityMessage
-- waiting --infoRun journalctl to populate this view
Log Statistics
Total Entries Viewed0
Errors Detected0
Persistent StorageDisabled
journald.conf Status
Storageauto (volatile)
/var/log/journal/Not created
Journal ServiceRunning
Rsyslog Rules
rsyslog ServiceRunning
Auth Log RuleNot configured
/var/log/auth.logNot created
Recent Activity
[--:--:--]Lab session started. Ready for commands.
Progress: 0/6 tasks completed
Score: 0/100
🎉 After Completing All Steps:

1. Click "Validate Configuration" to see what is complete and what is missing.
2. Use the Journal Viewer and Syslog Config tabs for live dashboards.
Tip: The Activity Log records every command with timestamps.
Lab 11: User & Group Administration
Intermediate / Terminal + GUI
Scenario: Onboard a New Development Team
A new development team is joining your organization. Create the developers group, add two user accounts (alice and bob), assign them to the group, set secure passwords, grant alice sudo privileges, and verify access configuration. This is a core LFCA security and administration task.

Learning Objectives:

LFCA - Domain: Security
  • Group Management: Create and query groups with groupadd/getent
  • User Creation: Add users with useradd and configure properties
  • Password Management: Set and verify passwords using passwd
  • Sudo Access: Grant admin privileges via group membership

📋 Step-by-Step Instructions

  1. Step 1: Inspect Existing Users & Groups
    🎯 Goal: Review current user and group configuration

    💻 Show current user identity:
    id

    💻 Inspect the end of /etc/group:
    cat /etc/group | tail -10
    💡 Tip: Use id to quickly confirm which groups a user belongs to. This matters for access and sudo.
    📖 Hint: The User Manager tab updates as you create users and groups.
  2. Step 2: Create the Developers Group
    🎯 Goal: Create a new group for developers

    💻 Create the developers group:
    sudo groupadd developers

    💻 Verify the group exists:
    getent group developers
    💡 Tip: getent is preferred because it works with local files and directory services.
  3. Step 3: Create User Accounts (alice and bob)
    🎯 Goal: Create two users with home directories and bash shell

    💻 Create alice:
    sudo useradd -m -s /bin/bash -G developers alice

    💻 Create bob:
    sudo useradd -m -s /bin/bash -G developers bob
    ⚠️ Exam Note: -G sets supplementary groups. -g sets the primary group. This is a common confusion point.
  4. Step 4: Set Passwords for New Users
    🎯 Goal: Set initial passwords for alice and bob

    💻 Set alice password:
    sudo passwd alice

    💻 Set bob password:
    sudo passwd bob
    💡 Tip: Password hashes are stored in /etc/shadow. Never store plaintext passwords in scripts.
  5. Step 5: Grant Sudo Privileges to Alice
    🎯 Goal: Add alice to the sudo group and verify membership

    💻 Add alice to sudo group:
    sudo usermod -aG sudo alice

    💻 Verify alice group membership:
    id alice
    ⚠️ Warning: Always use -aG to append. Using -G without -a can remove existing group access.
  6. Step 6: Verify Complete Configuration
    🎯 Goal: Confirm bob is in developers and group membership is correct

    💻 Verify bob identity:
    id bob

    💻 Verify developers group members:
    getent group developers
    🎓 Checkpoint: You can manage users, groups, passwords, and sudo access - fundamental LFCA security administration skills.

Linux Terminal

Terminal
User Manager
Permissions
Activity Log
sysadmin@logserver:~$
System Users
UsernameUIDGroupsShell
root0root/bin/bash
sysadmin1000sysadmin,sudo/bin/bash
Groups
Total Custom Groups0
Total Users2
Sudo Access
sysadminsudo enabled
Password Status
sysadminSet
Recent Activity
[--:--:--]Lab session started. Ready for commands.
Progress: 0/6 tasks completed
Score: 0/100
🎉 After Completing All Steps:

1. Click "Validate Configuration" to see what is complete and what remains.
2. Use the User Manager and Permissions tabs for visual verification.
Tip: If you mistype a command, it will be rejected - copy from the instructions.
Lab 12: Container Basics with Docker
Intermediate / Terminal + GUI
Scenario: Deploy a Containerized Web Service
Your team wants to run an Nginx web server in a container. Verify Docker, pull nginx:alpine, run a container named webserver with port mapping 8080:80, inspect and view logs, then stop and remove the container. This lab builds LFCA DevOps fundamentals.

Learning Objectives:

LFCA - Domain: DevOps Fundamentals
  • Docker Engine: Verify installation and daemon status
  • Images: Pull and list images from a registry
  • Containers: Run, inspect, stop, and remove containers
  • Port Mapping: Publish container ports to the host

📋 Step-by-Step Instructions

  1. Step 1: Verify Docker Installation
    🎯 Goal: Confirm Docker is installed and responding

    💻 Check Docker version:
    docker --version

    💻 View Docker engine info:
    docker info
    💡 Tip: If Docker is not running in a real system, start it with systemd. In this lab the engine is simulated.
    📖 Hint: The Container Dashboard shows running/stopped containers and image counts live.
  2. Step 2: Pull the nginx:alpine Image
    🎯 Goal: Download the official Nginx image

    💻 Pull the image:
    docker pull nginx:alpine

    💻 List images:
    docker images
    💡 Tip: Alpine tags are commonly used for smaller images and reduced attack surface.
  3. Step 3: Run the Webserver Container
    🎯 Goal: Run a detached container named webserver and publish port 8080 to 80

    💻 Run the container:
    docker run -d --name webserver -p 8080:80 nginx:alpine

    💻 List running containers:
    docker ps
    ⚠️ Exam Note: Know docker ps (running) vs docker ps -a (all). LFCA often checks this.
  4. Step 4: Inspect and View Logs
    🎯 Goal: Inspect container metadata and view startup logs

    💻 Inspect container (JSON):
    docker inspect webserver

    💻 View container logs:
    docker logs webserver
    💡 Tip: In real ops, logs are your fastest signal for container health. Combine with docker ps and exit codes.
  5. Step 5: Stop the Container
    🎯 Goal: Gracefully stop the container and verify it is stopped

    💻 Stop the container:
    docker stop webserver

    💻 Verify with docker ps -a:
    docker ps -a
    💡 Tip: A stopped container still exists. You can inspect it and restart it later unless you remove it.
  6. Step 6: Remove the Container and Clean Up
    🎯 Goal: Remove the stopped container and confirm cleanup

    💻 Remove the container:
    docker rm webserver

    💻 Confirm there are no containers:
    docker ps -a
    🎓 Checkpoint: You completed the basic container lifecycle: pull, run, inspect/logs, stop, remove.

Linux Terminal

Terminal
Container Dashboard
Image Registry
Activity Log
sysadmin@logserver:~$
Containers
NameImageStatusPortsCPU
No containers yet
Docker Summary
Containers Running0
Containers Stopped0
Images Downloaded0
Local Images
No images downloaded
Disk Usage
Images0 B
Containers0 B
Recent Activity
[--:--:--]Lab session started. Ready for commands.
Progress: 0/6 tasks completed
Score: 0/100
🎉 After Completing All Steps:

1. Click "Validate Configuration" to confirm your container lifecycle tasks.
2. Use Container Dashboard and Image Registry for visual verification.
Tip: If a command is rejected, copy it exactly from the steps.

Confirm Reset

Are you sure you want to reset this lab? This will:

  • Clear all terminal output
  • Reset all completed tasks
  • Reset all simulated configurations and dashboards
  • Reset progress to 0%

This action cannot be undone!