QUE 1:- Configure your server to use a separate YUM repository. Solution: -
# vim /etc/yum.repos.d/server.repo
[Base]
name=rhcsa
baseurl=ftp://<server IP add>/pub/<path>
gpgcheck=0
enabled=1
# yum install rpm-build
# rpm -ivh redhat-release-6-6.0.0.24.el6.src.rpm
# cd /root/rpmbuild
# cd SPECS
# rpmbuild -ba redhat-release.spec (here -ba = build binary & source package)
# cd
# iptables -F
# chkconfig iptables off
# service iptables save
# service iptables stop
# service iptables status
Note: - TCP wrappers rules are kept in /etc/hosts.allow and /etc/hosts.deny.
QUE 4:- SELinux must be in enforcing mode Solution: -
# vim /etc/sysconfig/selinux
SELINUX=enforcing
# setenforce 1 (to set selinux mode)
# getenforce (to view selinux mode)
Enforcing
# reboot
Kernel management
QUE 5.1:- Configure the Kernel parameter for forwarding your IP or Enable IP forwarding. Solution: -
# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
# sysctl -p
QUE 6.1:- Add the kernel parameter kernctl=5 to the kernel command line in /boot/grub/grub.conf
Or
QUE 6.2:- Pass a kernel boot line argument sysvctl, make it permanent & it should be displayed by cat /proc/cmdline.
Solution: - Open the grub.conf file and edit the kernel arguments
# vim /boot/grub/grub.conf
kernctl=5
Or
sysvctl
# reboot
Check the modified kernel arguments using command line
# cat /proc/cmdline
SSH server
QUE 7.1:- Configure SSH Server. Only persons from the example.com domain can come in to your machine; persons from the remote.test domain cannot use SSH.
Or
QUE 7.2:- Configure SSH access as follows:
1. Harry has remote SSH access to your machine from within example.com.
2. Clients within my133t.org should NOT have access to ssh on your system.
Solution: -
# vim /etc/hosts.deny
sshd: .remote.test
Or
sshd: .my133t.org
(Note: wildcards should not be used in the hosts.deny & hosts.allow files)
Scheduling Tasks
QUE 8.1:- Deny cron service for the sarsha user and allow cron service for all users
Or
QUE 8.2:- bertarm should not set crontab for himself; other users must configure crontab for themselves.
Solution: - Create said user if user does not exist
# yum install wget
# cd /root
# wget http://server.example.com/pub/disk.iso
# mkdir /mnt/virtdisk
# vim /etc/fstab
/root/disk.iso /mnt/virtdisk iso9660 defaults,loop 0 0
# mount -a
# df -Th
QUE 10.1:- Connect to the Cold Storage SAN, which will be configured to access its own dedicated iSCSI target. The iSCSI target IP is 172.24.48.254 and the iSCSI target is iqn.2010-09.com.example:rdisks.serverX. Partition, format and mount it on /coldstorage.
Solution: - Install iscsi package
# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2010-09.com.example:rdisks.serverX
# chkconfig iscsid on
# service iscsid restart
# iscsiadm -m node -T iqn.2010-09.com.example:rdisks.serverX -p 172.24.48.254 -l
# tail /var/log/messages (determine the device name of the iscsi device in the log files)
# fdisk /dev/sda (create a partition table on the device as required)
# mkfs.ext4 /dev/sda1 (create a file system on the partition)
# mkdir /coldstorage (create a mount point for the partition)
# blkid /dev/sda1 (determine the UUID of the partition)
# vim /etc/fstab (make the partition mount on every reboot)
UUID=XXXX-XXXX-XXXX-XXXX /coldstorage ext4 _netdev 0 0
# mount -a
# df -Th
QUE 10.2:- An iSCSI server is available for you on host.domain60.example.com (172.24.60.250).
a. Create a 1200 MiB partition.
b. Format it with the ext4 filesystem.
c. Copy a file from ftp://rhgls.domain60.example.com/pub/iscsi/iscsi.txt
d. DO NOT make any modifications to the content of iscsi.txt
e. This partition must be permanently available by /etc/fstab.
Solution: Install iscsi package
# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2010-09.com.example:rdisks.serverX
# chkconfig iscsid on
# service iscsid restart
# iscsiadm -m node -T iqn.2010-09.com.example:rdisks.serverX -p 172.24.60.250 -l
# tail /var/log/messages (determine the device name of the iscsi device in the log files)
# fdisk /dev/sda (create a partition table on the device as required)
# mkfs.ext4 /dev/sda1 (create a file system on the partition)
# mkdir /coldstorage (create a mount point for the partition)
# blkid /dev/sda1 (determine the UUID of the partition)
# vim /etc/fstab (make the partition mount on every reboot)
UUID=XX-XX-XX-XX /coldstorage ext4 _netdev 0 0
# mount -a
# df -Th
# vim /etc/named.conf
listen-on port 53 { any; };
allow-query { localhost; 172.24.48.0/24; };
forwarders { 172.24.48.254; };
dnssec-validation no;
# chcon -R --reference=/var/ftp/pub /common
# exportfs -ra
# chkconfig nfs on
# service nfs restart
# showmount -e x.x.x.x (where x.x.x.x is the IP of the NFS server)
QUE 12.2:- Export /share directory, allow example.com and deny all. The exported directory must be automatically mounted under /net/misc/serverX. Solution: -
# exportfs -ra
# chkconfig nfs on
# service nfs restart
# showmount -e x.x.x.x
# vim /etc/auto.master
/net/misc/serverX /etc/auto.misc (where X is your machine number)
# vim /etc/auto.misc
share -ro,sync,intr serverx.example.com:/share (where serverx is the NFS server)
# service autofs stop
# service autofs start
# chcon -R --reference=/var/ftp/pub /share
# cd /net/misc/serverX
# cd share
# yum install vsftpd ftp
# chkconfig vsftpd on
# service vsftpd restart
# vim /etc/hosts.deny
vsftpd: ALL EXCEPT .example.com
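How tcpd evaluates the hosts.deny entries used for sshd in QUE 7 and for vsftpd above, as an added example (a simplified shell model, not libwrap itself and not code from the original page). The client host names and addresses are constructed.

```sh
# Simplified tcp_wrappers model: no nested EXCEPT, netmasks or shell options.
match_client() {   # $1 pattern, $2 client host name, $3 client IP
    case "$1" in
        ALL) return 0 ;;
        .*) case "$2" in *"$1") return 0 ;; esac ;;   # leading dot: domain suffix
        *.) case "$3" in "$1"*) return 0 ;; esac ;;   # trailing dot: address prefix
        *)  if [ "$1" = "$2" ] || [ "$1" = "$3" ]; then return 0; fi ;;
    esac
    return 1
}

match_list() {     # $1 client list, $2 host, $3 IP
    ml_hit=1; ml_except=0
    for ml_tok in $(echo "$1" | tr ',' ' '); do
        if [ "$ml_tok" = EXCEPT ]; then ml_except=1; continue; fi
        if match_client "$ml_tok" "$2" "$3"; then
            if [ "$ml_except" -eq 1 ]; then return 1; fi   # client is in the exception list
            ml_hit=0
        fi
    done
    return "$ml_hit"
}

file_matches() {   # $1 rules file, $2 daemon, $3 host, $4 IP
    while IFS=: read -r fm_daemons fm_clients fm_rest; do
        case "$fm_daemons" in ''|\#*) continue ;; esac
        for fm_d in $(echo "$fm_daemons" | tr ',' ' '); do
            if [ "$fm_d" = "$2" ] || [ "$fm_d" = ALL ]; then
                if match_list "$fm_clients" "$3" "$4"; then return 0; fi
            fi
        done
    done < "$1"
    return 1
}

tcpd_decide() {    # $1 daemon, $2 host, $3 IP, $4 hosts.allow, $5 hosts.deny
    if file_matches "$4" "$1" "$2" "$3"; then echo allow      # hosts.allow is checked first
    elif file_matches "$5" "$1" "$2" "$3"; then echo deny
    else echo allow                                           # no match in either file
    fi
}

# Constructed sample files holding the two hosts.deny rules from this page.
SAMPLE=$(mktemp -d); : > "$SAMPLE/allow"
printf '%s\n' 'sshd: .remote.test' 'vsftpd: ALL EXCEPT .example.com' > "$SAMPLE/deny"
for c in "sshd pc1.remote.test" "sshd pc9.other.org" "vsftpd pc9.other.org" "vsftpd pc1.example.com"; do
    set -- $c
    echo "$c -> $(tcpd_decide "$1" "$2" 10.1.1.5 "$SAMPLE/allow" "$SAMPLE/deny")"
done
```

The sshd rule blocks only the named domain, so a client from any other domain is still admitted; the ALL EXCEPT .example.com form used for vsftpd is the one that restricts a service to example.com alone.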
QUE 14:- Set up a drop-box: anonymous upload should be enabled on /var/ftp/upload, anonymous should connect as wx, and access should be allowed for only your domain. Solution: - Open the configuration file and uncomment the lines
# vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
anon_mkdir_write_enable=YES
# mkdir /var/ftp/upload
# chgrp ftp /var/ftp/upload
# chmod 730 /var/ftp/upload
# yum install libsemanage*
# yum install libsemanage-python
# yum install policycoreutils*
# chkconfig vsftpd on
# service vsftpd restart
# semanage fcontext -a -t public_content_rw_t '/var/ftp/upload(/.*)?'
# restorecon -vvFR /var/ftp/upload
# getsebool -a | grep ftp
# setsebool -P allow_ftpd_anon_write=1
# setsebool -P allow_ftpd_full_access=1
# setsebool -P ftp_home_dir=1
# vim /etc/samba/smb.conf
workgroup = RHCEGROUP (Edit a line)
hosts allow = 127. 172.24.48. (Remove the leading semicolon and edit line)
[share]
comment = samba server
path = /share
writable = no
browseable = yes
valid users = jerry
# smbpasswd -a jerry
# chkconfig smb on
# service smb restart
# getsebool -a | grep samba
# setsebool -P samba_create_home_dirs=1
# setsebool -P samba_domain_controller=1
# setsebool -P samba_enable_home_dirs=1
# setsebool -P samba_export_all_ro=1
# setsebool -P samba_export_all_rw=1
# setsebool -P use_samba_home_dirs=1
# getsebool -a | grep smb
# setsebool -P allow_smbd_anon_write=1
# smbclient //server.example.com/share -U jerry
Password:
smb: \>
QUE 15.2:- Share the /common directory via SMB:
a. Your SMB server must be a member of the STAFF workgroup
b. The share's name must be common
c. The common share must be available to example.com domain clients only.
d. The common share must be browseable.
e. Harry must have read access to the share, authenticating with the same password roxicant, if necessary.
Solution: - Install samba package
# vim /etc/samba/smb.conf
workgroup = STAFF (This is the name of the workgroup)
hosts allow = 127. *.example.com (Remove the leading semicolon and edit line)
[common] (This is the share name)
comment = Samba Server
path = /common (This is the shared path)
writable = no (Write access can be set here)
browseable = yes
valid users = harry (Valid users should be listed here)
# smbpasswd -a harry (set samba login passwd for harry as roxicant)
# chkconfig smb on
# service smb restart
# getsebool -a | grep samba
# setsebool -P samba_export_all_ro=1 (Setting read only access to shared path)
# getsebool -a | grep smb
# setsebool -P allow_smbd_anon_write=0 (Setting anonymous access off)
# smbclient //server.example.com/common -U harry (accessing samba share)
Password:
smb: \>
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin
DocumentRoot
ServerName
</VirtualHost>
3. Setting html page from given path
# cd /var/www/html
# wget http://server.example.com/pub/serverX.html
# mv serverX.html index.html
# chcon -R --reference=/var/www/html index.html
# chkconfig httpd on
# service httpd restart
4. Testing http server
# elinks http://serverX.example.com
QUE 16.2:- Extend your web server to host the virtual site wwwX.example.com. The document root should be /var/www/virtual. Get your html page from server server/pub/wwwX.html and place it in the document root as index.html. John should be able to write contents to /var/www/virtual
Solution: - Open the configuration file & uncomment the line NameVirtualHost *:80 to enable virtual hosting
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80 (Uncomment this line to enable virtual hosting)
<VirtualHost *:80>
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com (where wwwX.example.com is the virtual host name)
</VirtualHost>
# mkdir /var/www/virtual
# cd /var/www/virtual
# wget http://server.example.com/pub/wwwX.html
# mv wwwX.html index.html
# chcon -R --reference=/var/www/html /var/www/virtual
# chkconfig httpd on
# service httpd restart
# elinks http://wwwX.example.com (where X is a machine number)
Enable Access control to filesystem for giving write access to John to /var/www/virtual
# vim /etc/fstab
/dev/mapper/GLSvg-GLSroot / ext4 defaults,acl 1 1 (Note: acl needs to be enabled in RHEL 6)
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin root@serverX.example.com (where X is your machine number)
DocumentRoot /var/www/localhost
ServerName localhost.localdomain
</VirtualHost>
# mkdir /var/www/localhost
# cd /var/www/localhost
# wget http://server.example.com/pub/local.html
# mv local.html index.html
# chcon -R --reference=/var/www/html /var/www/localhost
# chkconfig httpd on
# service httpd restart
# elinks http://localhost.localdomain
QUE 20:- Create a custom self-signed certificate for serverX.example.com that will expire after a year. The certificate should have the following characteristics:
The key should be 1024 bits and should not be encrypted
Country code = local country
State = local state
Locality = local city
Organization = Red Hat Inc.
Common name = serverX.example.com
Solution:
1. Install following packages for generating certificate
# vim /etc/httpd/conf.d/ssl.conf
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt (old path)
SSLCertificateFile /etc/pki/tls/certs/serverX.example.com.crt
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key (old path)
SSLCertificateKeyFile /etc/pki/tls/private/serverX.example.com.key
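The package and generation steps of the original solution are missing from this page. The following added example (not the page's own method) uses openssl req instead to create a certificate with the properties QUE 20 lists, then checks each property; the scratch output directory, the file names and the C/ST/L values are constructed placeholders.

```sh
# Constructed placeholders: set C/ST/L to your own country, state and city.
SUBJ='/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc./CN=serverX.example.com'

make_cert() {        # $1 = output directory; writes server.key and server.crt
    # -nodes: do not encrypt the private key; -days 365: expire after one year
    openssl req -x509 -nodes -newkey rsa:1024 -days 365 -subj "$SUBJ" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    chmod 600 "$1/server.key"   # an unencrypted key is protected only by file permissions
}

cert_bits() {        # public key size recorded in the certificate
    openssl x509 -in "$1/server.crt" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

cert_cn() {          # common name taken from the certificate subject
    openssl x509 -in "$1/server.crt" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

key_is_plain() {     # an encrypted PEM key carries ENCRYPTED in its header
    ! grep -q ENCRYPTED "$1/server.key"
}

valid_one_year() {   # still valid 364 days from now, expired 366 days from now
    openssl x509 -in "$1/server.crt" -noout -checkend $((364 * 86400)) >/dev/null &&
    ! openssl x509 -in "$1/server.crt" -noout -checkend $((366 * 86400)) >/dev/null
}

OUT=$(mktemp -d)     # scratch directory for this demonstration
make_cert "$OUT"
echo "bits=$(cert_bits "$OUT") cn=$(cert_cn "$OUT")"
```

Copy the two files to the paths set in ssl.conf above. The 1024-bit key size is what the exercise specifies; current practice for a real server is RSA 2048 bits or more.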
c. Copy this index.html to the DocumentRoot of your web server.
d. DO NOT make any modifications to the content of index.html.
QUE 16.4:- Extend your web server to include a virtual host for the site http://www.domain60.example.com then perform the following steps:
a. Set the DocumentRoot to /var/www/virtual
b. Download ftp://server1.example.com/pub/rhce/www.html
c. Rename the downloaded file to index.html
d. Place this index.html in the DocumentRoot of the virtual host.
e. DO NOT make any modifications to the content of index.html
f. Ensure that harry is able to create content in /var/www/virtual.
QUE 16.5:- Create a secret directory in the default DocumentRoot of http://host.domain60.example.com
a. Download ftp://server1.example.com/pub/rhce/station.html to the secret directory
b. Rename the downloaded file to index.html
c. DO NOT make any modifications to the content of index.html
d. secret is accessible by any user from your localhost only
e. Hosts on other networks should be denied access to secret.
# vim /etc/postfix/main.cf
myhostname = serverX.example.com (Uncomment a line and edit)
mydomain = example.com (Uncomment a line and edit)
myorigin = $myhostname (Uncomment a line)
myorigin = $mydomain (Uncomment a line)
inet_interfaces = all (Uncomment a line)
#inet_interfaces = localhost (Comment a line)
(Uncomment a line)
mynetworks = 127.0.0.0/8, 172.24.48.0/24 (Uncomment a line and edit)
relay_domains = $mydestination (Uncomment a line)
relayhost = $mydomain (Uncomment a line)
a. Your mail server should accept mail from remote hosts and localhost.
b. Harry must be able to receive mail from remote hosts
c. Mail delivered to harry should spool into the default mail spool for harry i.e. /var/spool/mail/harry.
Solution:
QUE 18:- Configure a POP3 server. Allow only example.com network and deny all for POP3 server. Solution: -
# vim /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
# vim /etc/aliases
Principal: jerry
# newaliases
QUE 19.2:-Configure an email alias from your MTA such that mail sent to admin is received by the local user Natasha. Solution: -
Shell Scripting
QUE 21.1:- Using Bash, write a shell script for the following:
1) If redhat is typed, display linux as output
2) If linux is typed, display redhat as output
3) If neither option is used, display redhat linux as output
Solution: -
# vim scripts
#!/bin/bash
# Print the opposite word for redhat/linux, or both words for any other input
echo "please type redhat or linux:"
read -r c
case "$c" in
    redhat) echo linux ;;
    linux) echo redhat ;;
    *) echo redhat linux ;;
esac
# sh scripts
QUE 21.2:- Write a shell script named bar.sh, stored in /root, which meets the following requirements:
1. When we give input as foo, it should print bar
2. If we give input as bar, it should print foo
3. If we give any other input rather than foo or bar, it should print /root/bar.sh foo|bar as an error.
Solution: -