Exam Q&A

November 10, 2017 | Author: imtibd | Category: Secure Shell, File System, Disk Storage, Operating System Technology, System Software
Share Embed Donate


Short Description

Download Exam Q&A...

Description

Question RHCSA 1. Set your system as Examiner can login your system as root user and password is TomBigBee.  restart vm machine  On boot time press any key  Press “e” for edit  Select – kernel /LVlinuz-***** and press “e”  Type 1 and press enter  Press “b” (then it will boot single user mood) Sh # setenforce 0 Sh # passwd Sh # redhat Sh # init 5 2. You read the file /root/network and check your NIC configuration. Solution: #cat /root/network # vim /etc/hosts (Set Host name) # setup # (Check ONBOOT=yes from following location) #system-config-network or vim /etc/sysconfig/network-script/ifcfg-eth0 # service network restart (Restart Network) N.B: NetworkManager (Disable from ntsysv) 3. Dig server1.example.com successfully resolves that hostname using DNS. Solution: To set DNS #vi /etc/resolv.conf (example: nameserver 192.168.1.1) Question 4. All rpms are available in /var/ftp/pub/rhel6/Server/Packages and /var/ftp/pub/update directory on the server server1.example.com or 192.168.1.254. Install dialog package Solution: # vim /etc/yum.repos.d/base.repo  [base] name=Red Hat Linux 6 baseurl=ftp://server1.example.com/pub/rhel6/Server enabled=1 gpgcheck=0 # yum install dialog* -y

yum related command # yum list dialog # yum list all # rpm -qa | grep httpd* (Find out if httpd package installed or not) # yum list installed httpd (Find out if httpd package installed or not) # yum list httpd (to search for package by name) # yum install httpd (to install the package ) # yum remove httpd (to remove the package) # yum info httpd (Find information about a package) # yum clean all (too clear cash) 5. Create a user with id 3456 useradd -u 3456 arms id username (Check) useradd -u 105 -s /bin/bash (with shell) 6. Create three users and a group that: User khalid is a member of group officestuff as secondary group User ruhul is a member of group officestuff as a secondary group User neo not a member of group officestuff User neo has no interactive shell. Password of all users must be password Solution: # groupadd officestuff # adduser –G officestuff khalid # adduser –G officestuff ruhul # adduser –s /sbin/nologin neo # cat /etc/passwd # passwd khalid # passwd ruhul # passwd neo 7. Make sure the permission on the /officedata directory that: All member of group officestuff can create a file or directory in that directory Member of group officestuff can modify each other file in that directory Other user can only read file or access subdirectory in that directory Solution: # mkdir /officedata # chgrp officestuff /officedata # chmod 2775 /officedata # ls –ld /officedata

8. Copy the file /etc/fstab in to the directory /var/tmp that: This file has no execution permission The file ownership must be root:root User khalid can read and modify this file User ruhul can read this file Other user neither read or write this file Solution: # cp /etc/fstab /var/tmp (ACL) EFFECT) # ls –la /var/tmp/fstab # vim /etc/fstab  /var ext4 defaults,acl 1 2 # mount –o remount,acl /var # getfacl /var/tmp/fstab (chek permision) # setfacl –m u:khalid:rw- /var/tmp/fstab # setfacl –m u:ruhul:r-- /var/tmp/fstab # setfacl –m o::0 /var/tmp/fstab # getfacl /var/tmp/fstab (conform permision)

(SELINUX

9. Create a new logical volume size 300 MB called myswap from the existing volume group. And make a swap partition using myswap. Also make sure it will be available after reboot. Solution: # vgs # lvcreate -L 300M -n myswap vg_name # mkswap /dev/vg_name/myswap [create the swap file system] # swapon /dev/vg_name/myswap [mount the swap] # free [check ] # vim /etc/fstab [/dev/lvname/myswap swap swap defaults 0 0] 10. Extend logical volume varfs 2GB to 2.3GB. Solution: # lvextend –L 2.3G /dev/vgname/lvname #resize2fs /dev/vol0/varfs 11. You must export /home/new to the example.com network. Test the below command to check the exported share for localhost. showmount –e localhost Solution: # yum install nfs* rpcbind* #chkconfig rpcbind on # chkconfig nfs on # vim /etc/exports  /home/new *.example.com(rw)

#service rpcbind start # service nfs start # showmount –e localhost Test output 12. Enable IP forwarding Solution: # vim /etc/sysctl.conf  net.ipv4.ip_forward = 1 13. Network Time Proticol: StationX must synchronize its time via server1.example.com or 192.168.1.254 Solution: # chkconfig ntpd on # system-config-date # synchronize system date and time over the network # add  server1.example.com  ok

NTP

Server

14. To update installation your OS kernel that: Download the update kernel that is available on ftp://server1.example.com/pub/rhel6/update directory for anonymous Both kernels are listed in the grub menu. System will run automatically with the new kernel Examiner has 5 second to switch old kernel at the grub menu Answer: # wget ftp://server1.example.com/pub/rhel6/update # uname –r or uname –ra or cat /etc/grub.conf (check present kernel verion) # rpm –ivh kernel* 15. You must install the share printer on your system to connect shared printer using IPP that Location of the demo print server is server1.eample.com Network printer name is stationX and queue type is Generic Text only You can conform the printer setup via URL http://server11.example.com/printers/stationX Here X is your station number Solution: # yum install system-config-printer* cups* -y # service cups start # system-config-printer  new Network printer IPP Host server1.example.com Queue /printers/stationX Forward continue anyway -> install Generic forward Printer name (station101)  forward

Print a test page (yes) Set as default (v) How to check

16. Cron Jobs: Make a schedule task only for user neo (except root) to run the command /bin/echo Hello stationX.example.com at any output terminal at 12:06 Solution: # cat /etc/crontab # crontab –e –u neo  6 12 * * * /bin/echo Hello station101 # service crond restart # crontab -l -u Khalid _____________________________________________________________________ For 1 min [root@station101 ~]# ls /dev/pts/ 0 ptmx [root@station101 ~]# ls -l /dev/pts/0 crw--w----. 1 root tty 136, 0 Sep 26 17:28 /dev/pts/0 [root@station101 ~]# chmod o+w /dev/pts/0 [root@station101 ~]# ls -l /dev/pts/0 crw--w--w-. 1 root tty 136, 0 Sep 26 17:28 /dev/pts/0 */1 * * * * /bin/echo Hello > /dev/pts/0\ _____________________________________________________________________ 17. natasha unable to write crontab Solution: vim /etc/cron.deny Type user name natasha then save & close login user crontab -e (Check) 18. To configure ftp service for the network example.com that: Anonymous user can access to your system via ftp within the network example.com Solution: # yum install vsftpd* -y # chkconfig vsftpd on # service vsftpd start # getsebool –a |grep ftp (SELINUX EFFECT) # setsebool –P ftp_home_dir on

# setsebool –P allow_ftpd_anon_write on # getsebool –a |grep ftp (check se effect) # service vsftpd restart Need to Check

19. To configure apache service for the stationX.example.com that: Download station.html file from ftp://server1.example.com/pub/stationX Copy station.html file into the /var/www/html as index.html Remember that you cannot modify this file. Here X is your station number. Solution: # yum install httpd* -y # chkconfig httpd on # service httpd start # cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bac # vim /etc/httpd/conf/httpd.conf : set nu Line 262: Serveradmin root@localhost (if need to change the admin) Line 276: Servername station101.example.com: 80 (uncomment) Save and exit :x # cd /var/www/html # wget ftp://server1.example.com/pub/station107.html # mv station.html index.html # ls –lZ /var/www/html/index.html  httpd_sys_content_t (if show this index then ok) # httpd -t # service httpd restart To check go to the browser and type station101.example.com 20. When user Robert type, (His password is “password”) dd if=/dev/zero of=file bs=1024 count=70 kb he successed dd if=/dev/zero of=file bs=1024 count=100 kb he failed Solution: # vim /etc/fstab  /home ext3 defaults,usrquota 1 2 # mount –o remount,usrquota /home # mount [to show home type ext3 (rw,quota,quota)] # quotacheck –cM /home # chcon –t quota_db_t /home/aquota.user (SELINUX EFECT) # quotaon /home # edquota robart Blocks soft hard  70 100

# repquota –v /home

Testing

21. Configure a system to use an existing LDAP directory service for user and group information. Answer: # yum install -y openldap nss_ldap # authconfig-tui check 'USE LDAP' and 'USE LDAP Authentication' Press 'NEXT' Specify the correct domain settings check 'use TLS' server: ldap://192.168.1.254/ base DN: dc=domain10,dc=example,dc=com Press 'OK' Then it will ask u for a tls certificate in a location. Remember that location and download certificate file from desired ftp location provided by examiner and put in that location. press 'ok' Testing: # getent passwd (Last line u will see the ldap user with encrypted password) # su - ldapusr 22. Mount ldap user home directory using autofs. Answer: # yum install autofs* -y # chkconfig autofs on # vi /etc/auto.master  /lhome/domain101 /etc/auto.ldap # vi /etc/auto.ldap * -fstype=nfs,rw,soft 192.168.1.201:/lhome/ldap/& # service autofs restart Testing: # su – ldapuser (you will get correct prompt once it is configured correctly.)

Script 23. Write a script in /root/script.sh to give the following output sample output: Solution: #/root/script.sh PERL THIS IS PYTHON #/root/script.sh PYTHON THIS IS PERL #/root/script.sh /root/script.sh PERL|PYTHON # vim /root/script.sh #!/bin/sh case "$1" in 'PERL') echo "THIS IS PYTHON" ;; 'PYTHON') echo "THIS IS PERL" ;; *) echo "usage:$0 PERL|PYTHON" exit 1 ;; esac # # # #

chmod 775 /root/script.sh (permission) /root/sctip.sh PERL (check output) /root/sctip.sh PYTHON (check outpu t) /root/sctip.sh (check output)

RHCE - Configuration 1. To configure https service for the network example.com that: Configure a https site called wwwX.example.com. Make sure others network cannot access this site. Solution: # yum install mod_ssl* -y # cd /etc/httpd/conf.d # cp ssl.conf ssl. conf.bak # vim ssl.conf : set nu Line 77: DocumentRoot "/var/www/html" (uncomment) Line 78: ServerName www101.example.com:443 (uncomment & modify) Save and exit :x # service httpd restart 2. To configure apache service for user ruhul. No one can access this web page. Solution: # vim /etc/httpd/conf/httpd.conf # "/var/vhost" Order deny,allow Deny from all Allow from 172.24.254.50 (User IP) 3. To configure apache service as virtual hosting for the www.X.example.com that: Download www.html file from ftp://server1.example.com /pub/rhel6 Copy www.html file into the /var/vhost as index.html User khalid can modify the /var/vhost/index.html file. Here X is your station number Solution: # mkdir /var/vhost –p # cd /var/vhost # wget ftp://server1.example.com/pub/rhel6/www.html # mv www.html index.html # vim /etc/httpd/conf/httpd.conf : set nu Line 990: NameVirtualHost *:80 (uncomment) Copy 1003 to 1009 (7yy) Paste (p) DocumentRoot /var/www/html ServerName station101.example.com

DocumentRoot /var/vhost ServerName www101.example.com # chcon –R --reference=/var/www/html /var/vhost # ls –lZ /var/vhost # service httpd restart ACL for khalid setfacel –m u:khalid:rw /var/vhost setfacel –m u::0 /var/vhost 4. Here example.com or 192.168.1.254 is your trusted network and your system is based on example.com domain there another network mig233.org or 192.168.2.0/24. This network mig233.org or 192.168.2.0 is not trusted. Solution: # iptables -F # iptables -I INPUT -s 192.168.2.0/24 -j REJECT # iptables –nL (show iptable status) # service iptables save # service iptables restart 5. To configure ssh service for the network example.com that: User khaled can access to your system via ssh with in the network example.com Any user or the network mig233.org can’t access to your system via ssh. Solution: # yum install openssh* -y # chkconfig sshd on # service sshd start # vim /etc/ssh/sshd_config Line 22 AllowUsers khaled (end of the line) # service sshd restart ssh [email protected] (check access) 6. To configure Network File Sharing service that: The shared directory /officedata is available for all members of the network example.com The shared directory should available in read and write to all the members of example.com domain. Make sure the network mig233.org can’t access NFS shared directory. Solution: # vim /etc/exports  /officedata *.example.com(rw,sync) Save and exit :x # service rpcbind restart # service nfs restart # showmount -e

Test output 7. To configure samba service for the network example.com that: Samba server workigroup name must be Fedora The shared directory /officedata as shared name allaccess Only user ruhul can access that directory with password password Only example.com network can access samba shared directory Solution: # yum install samba* -y # chkconfig smb on # cp /etc/samba/smb.conf /etc/samba/smb.conf.bak # vim /etc/samba/smb.conf 74: workgroup = Fedora (uncomment) 79: interfaces = 192.168.1.0/24 (uncomment) Shift+g 248: copy 7 lines (7 yy) 254: paste (v) 254 [allaccess] 255 comment = Home Directories 256 path = /officedata 257 browseable = yes 258 writable = yes 259 ; valid users = ruhul (keep comment) 260 ; valid users = MYDOMAIN\%S (Keep comment) Save and exit # getsebool -a | grep samba (SELINUX EFFECT) # setsebool –P samba_enable_home_dirs on # setsebool –P samba_export_all_rw on # chcon -t samba_share_t /officedata # ls –lZ /officedata (check selinux) # smbpasswd –a ruhul # service smb start To check the SAMBA share is working: Open My Computer  Edit menu Preference Behavior tab  Click the (Always open in browser window) Close and Open again My Computer Type smb://station101.example.com/allowaccess - Username = ruhul - Domain = Fedora (case sensetive) - Password = password

8. Mount an ISO file during startup on /mnt/dvd/iso. ISO file is located at /tmp/xyz.iso Solution: #mkdir –p /mnt/dev/iso #vi /etc/rc.local mount –o loop /tmp/xyz.iso /mnt/dvd/iso (add this line to rc.local) Save and exit To mount manually # mount –o loop /tmp/xyz.iso /mnt/dvd/iso #df –h (check) 9. Copy all the lines from /root/worddb.dict files that contains the word "blue" and put those lines in /root/sorted.dict /root/worddb.dict contains: The sky is blue. Red cap with blue bubble. Red cad. solution: #cat /root/worddb.dict | grep -i blue (-i = case insensitive) OR #cat /root/worddb.dict | grep –i blue > /root/sorted.dict (-i = case insensitive) #cat /root/worddb.dict | grep blue > /root/sorted.dict Output contains: cat /root/sorted.dict The sky is blue. Red cap with blue bubble. 10. Create an lv with minimum 50 extend from datavg. The PE is size of the datavg is 16 and mount it on /mnt/dvd/newfs during startup. Solution: # system-config-lvm # vgdisplay # vgdisplay datavg # lvcreate -l 50 -n datalv /dev/datavg # mkfs.ext4 /dev/datavg/datalv # lvdisplay datalv # lvdisplay /dev/datavg/datalv

11. To configure smtp service for the network example.com that: User ruhul can send or received mail within the network example.com. Make sure any user of the network mig233.org can’t access at 25 port address Solution: # yum install postfix* -y ----- (Sendmail should be off) # chkconfig postfix on # service postfix start # cp /etc/postfix/main.cf /etc/postfix/main.cf.bac # vim /etc/postfix/main.cf # :set nu Go to the following line and uncomments 75: myhostname = station101.example.com (uncomment & type host name) 83: mydomain = example.com (uncomment & type domain name) 98: myorigin = $myhostname (uncomment) 113: inet_interfaces = all (uncomment) 116: inet_interfaces = localhost (check uncomment) 119: inet_protocols = all (check uncomment) 164: mydestination = $myhostname, localhost.$mydomain, localhost (check uncomment) 250: mynetworks_style = subnet (uncomment) 264: mynetworks = 192.168.1.0/24, 127.0.0.0/8 (uncomment & add ip) Save and exit # service postfix restart Checking Mail Sending & Receiving # su – ruhul $ mail –v [email protected] $ Subject: MSG00 $ type something as a body of text. $. $ su – khaled $ mail (to read mail) 12. To configure pop service for the network example.com that: (Extra) User khalid can retrieve mail from the mail file /var/spool/mail/khalid Make sure any user of the network mig233.org can’t use pop service. Solution: # yum install dovecot* -y # chkconfig dovecot on # vim /etc/dovecot/dovecot.conf 25: protocols = imap pop3 lmtp (uncomment)

# vim /etc/dovecot/conf.d/10-mail.conf 24: mail_location = maildir:~/if /var/spool/mail (uncomment) 25: mail_location = mbox:~/mail:INBOX=/var/mail/%u (uncomment) Save and exit :x # service dovecot restart Checking # su – ruhul $ mail –v [email protected] $ Subject: MSG00 $ type something as a body of text. $. $ su – khaled # mutt -f pop://[email protected] # password # space for show the message 13. To configure any MTA service for the network example.com that: User root can send mail to ruhul user within the network example.com Make sure that the mail of user root should get by the khalid user Solution: # vim /etc/aliases End of the line (shift+g) root: root,khalid Save and exit :x # newaliases 14. To configure imaps service for the network example.com that: To make a demo certificate, The certificate information is - Organization name: RedHat Inc. - Organization unit name: RHCE - Hostname: stationX.example.com - Email: [email protected] And other information must be default. Here X is your station number Solution: # yum install make* aide* -y #find / -name dovecot.pem –exec rm –f {} \; # make -C /etc/pki/tls/certs dovecot.pem Country Name (2 letter code) [XX]: State or Province Name (full name) []: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]:RedHat Inc. Organizational Unit Name (eg, section) []:RHCE Common Name (eg, your name or your server's hostname) []:station101.example.com Email Address []:[email protected] make: Leaving directory `/etc/pki/tls/certs'

# cd /etc/dovevot/conf.d # cp 10-ssl.conf 10-ssl.com.bak # vim 10-ssl.conf 12: ssl_cert = /filesystem.txt #[root@station5 Desktop]# iscsiadm -m discovery -t st -p 192.168.0.254 Starting iscsid: [ OK ] 192.168.0.254:3260,1 iqn.2008-09.com.example:server1.station5 [root@station5 Desktop]# service iscsi restart Stopping iscsi: [ OK ] Starting iscsi: [ OK ] [root@station5 Desktop]# chkconfig iscsi on [root@station5 Desktop]# fdisk -l

Disk /dev/sda: 320.1 GB, 320072933376 bytes 255 heads, 63 sectors/track, 38913 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes

Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x000207c8 Device Boot Start End Blocks /dev/sda1 * 1 26 204800 Partition 1 does not end on cylinder boundary. /dev/sda2 26 2576 20480000 /dev/sda3 2576 4488 15360000 /dev/sda4 4488 38914 276525056 /dev/sda5 4488 4619 1048576 /dev/sda6 4619 4746 1024000

Id 83

System Linux

83 83 5 82 83

Linux Linux Extended Linux swap / Solaris Linux

Disk /dev/sdb: 536 MB, 536870912 bytes 17 heads, 61 sectors/track, 1011 cylinders Units = cylinders of 1037 * 512 = 530944 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Disk /dev/sdb doesn't contain a valid partition table [root@station5 Desktop]# fdisk /dev/sdb Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel Building a new DOS disklabel with disk identifier 0xf113fbb0. Changes will remain in memory only, until you decide to write them. After that, of course, the previous content won't be recoverable. Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite) WARNING: DOS-compatible mode is deprecated. It's strongly recommended to switch off the mode (command 'c') and change display units to sectors (command 'u'). Command (m for help): p Disk /dev/sdb: 536 MB, 536870912 bytes 17 heads, 61 sectors/track, 1011 cylinders Units = cylinders of 1037 * 512 = 530944 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xf113fbb0 Device Boot

Start

End

Blocks

Id

System

Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 1 First cylinder (1-1011, default 1): Using default value 1 Last cylinder, +cylinders or +size{K,M,G} (1-1011, default 1011): Using default value 1011 Command (m for help): p Disk /dev/sdb: 536 MB, 536870912 bytes 17 heads, 61 sectors/track, 1011 cylinders Units = cylinders of 1037 * 512 = 530944 bytes Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xf113fbb0 Device Boot /dev/sdb1

Start 1

End 1011

Blocks 524173

Id 83

System Linux

Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks. [root@station5 Desktop]# partprobe Warning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or resource busy). As a result, it may not reflect all of your changes until after reboot. [root@station5 Desktop]# cd /dev/sd sda sda1 sda2 sda3 sda4 sda5 sda6 sdb sdb1 [root@station5 Desktop]# mkfs.ext4 /dev/sdb1 mke2fs 1.41.12 (17-May-2010) Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) Stride=0 blocks, Stripe width=0 blocks 131072 inodes, 524172 blocks 26208 blocks (5.00%) reserved for the super user First data block=1 Maximum filesystem blocks=67633152 64 block groups 8192 blocks per group, 8192 fragments per group 2048 inodes per group Superblock backups stored on blocks: 8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409 Writing inode tables: done Creating journal (8192 blocks): done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 26 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. [root@station5 Desktop]# vim /etc/fstab /dev/sdb1

/mnt/ISCSI5

ext4

[root@station5 Desktop]# mount -a [root@station5 Desktop]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 15G 2.0G 12G 15% / tmpfs 1.4G 260K 1.4G 1% /dev/shm /dev/sda1 194M 26M 159M 14% /boot /dev/sda6 985M 19M 916M 2% /home /dev/sda2 20G 11G 7.9G 57% /var //192.168.122.105/testshare/ 5.8G 2.0G 3.6G 35% /mnt/samba /dev/sdb1 496M 11M 460M 3% /mnt/ISCSI5

_netdev 0 0

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF