RHCSA - Dumps
=============
EXAM NETWORK DETAILS:
---------------------
NAME/DEVICE        = eth0
HOSTNAME           = serverX.example.com
IP address         = 172.25.X.11
Netmask            = 255.255.255.0
Default gateway    = 172.25.X.254
DNS search path    = example.com
Primary DNS server = 172.25.254.254
########################################
EXAM QUESTIONS
########################################
Question 1 > CONFIGURE YUM CLIENT:
Yum baseurl path = http://content.example.com/rhel7.0/x86_64/dvd
----------------------------------------
Question 2 > CONFIGURE SELINUX:
Configure SELinux from Permissive mode to Enforcing mode.
----------------------------------------
Question 3 > KERNEL UPDATE:
Install the appropriate kernel from http://classroom.example.com/pub/updates.
Your machine should boot with the updated kernel.
----------------------------------------
Question 4 > CREATE LVM:
Create the "LVM" with the name "fedora" by using 20 PEs from the volume group "redhat".
Consider the PE size as "32MB".
Mount it on /mnt/secret with filesystem vfat.
----------------------------------------
Question 5 > RESIZE LVM:
Resize the LVM /dev/vgsrv/home so that after reboot the size will be between 90MB and 120MB and the filesystem will be ext3.
----------------------------------------
Question 6 > EXTEND SWAP SPACE:
Extend the swap space with "750" MB. Do not remove or extend the existing swap.
----------------------------------------
Question 7 > USERS, GROUPS AND PERMISSIONS:
Create a group named "manager".
The users harry and natasha should belong to the "manager" group as a secondary group.
The user sarah should not have access to an interactive shell and should not be a member of the "manager" group.
The password for all the users created above is "wakennym".
----------------------------------------
Question 8 > DIRECTORY COLLABORATION:
Create the directory "/home/manager" with the following characteristics.
Group ownership of "/home/manager" should go to the "manager" group.
The directory should have read, write and access permissions for all members of the "manager" group but not for any other users (keep in mind that "root" has full access to all files present on the system).
Files created under "/home/manager" should automatically have their group ownership set to the "manager" group.
----------------------------------------
Question 9 > CRON JOB:
The user sarah must configure a cron job that runs daily at 14:23 and executes /bin/echo "Hyer".
----------------------------------------
Question 10 > ACCESS CONTROL LIST:
Copy the file /etc/fstab to /var/tmp and configure the "ACL" as mentioned below.
The file /var/tmp/fstab is owned by "root".
The file /var/tmp/fstab belongs to the group "root".
The file /var/tmp/fstab should not be executable by anyone.
The user "sarah" should be able to read and write to the file.
The user "natasha" can neither read nor write to the file.
Other users (future and current) should be able to read /var/tmp/fstab.
----------------------------------------
Question 11 > ADD USERS:
Create the user "dax" with uid 4332 and password "wakennym".
----------------------------------------
Question 12 > LOCATE THE FILES:
Locate the files owned by "dax" and copy them to the /root/found directory.
----------------------------------------
Question 13 > FIND WORDS:
Find the string "strator" in the "/usr/share/dict/words" file and copy the matching lines to /root/lists.txt.
----------------------------------------
Question 14 > BIND THE LDAPUSER FOR AUTHENTICATION:
Note the following.
BASE DN: dc=example,dc=com
LDAP path: ldap://classroom.example.com/
Download the certificate from "http://classroom.example.com/pub/example-ca.crt".
ldapuser10 should be able to log in to your system, and ldapuser10's password should be password.
----------------------------------------
Question 15 > AUTOMOUNT THE HOME DIRECTORY FOR LDAPUSER:
Note the following.
classroom.example.com "NFS exports" /home/guests/ldapuserX.
Ldapuser's home directory is classroom.example.com:/home/guests/ldapuserX.
Ldapuser's home directory should be automounted locally beneath /home/guests/ldapuserX.
The home directory should be accessible only when ldapuser6 logs in.
----------------------------------------
Question 16 > "NTP" CLIENT:
Synchronize the time of your system with the server classroom.example.com.
----------------------------------------
Question 17 > TAKE BACKUP:
Compress and archive the /etc folder in gzip format, with the archive file name /root/etc.tar.gz.
----------------------------------------
===Paper 2====
RHCSA
########################################
Instruction-1
Reset the root password to redhat.
---> At the boot prompt of Linux press e
---> Go near "fi" to the linux16 line and press the End key; the cursor will land after UTF-8. Type there: rd.break console=tty1
---> Ctrl+x
---> # mount -o remount,rw /sysroot
---> # chroot /sysroot
---> # passwd root
---> New password:
---> Retype new password:
---> # touch /.autorelabel
---> exit and exit (exit is required 2 times)
If progress is shown as a percentage (33.21%...), it is done.
########################################
Instruction-2
Set up the network with a static IP using the information given below and set the hostname to station.domainX.example.com
Static IP          172.25.X.11
Netmask            255.255.255.0
Default gateway    172.25.X.254
Primary DNS server 192.X.254.254
DNS search path    example.com
Ans:
# nmcli device show
# nmcli connection modify eth0 ipv4.address '172.25.10.10/24 172.25.10.254'
# nmcli connection modify eth0 ipv4.dns '172.25.254.254' ipv4.dns-search example.com
# nmcli connection reload
# systemctl restart network.service
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
########################################
Instruction-3
Configure the yum client with baseurl http://classroom.example.com/content/rhel7.0/x86_64/dvd
########################################
Question 1 | SELinux
Set SELinux to enforcing mode permanently.
ANS
# vim /etc/sysconfig/selinux     (or vim /etc/selinux/config)
SELINUX=Enforcing
:wq!
# sestatus
# setenforce 1
########################################
Question 2 | CREATE LVM
Create the "LVM" with the name "fedora" by using 15 PEs from the volume group "redhat".
Consider the PE size as "16MB".
Mount it on /test with filesystem vfat.
ANS
# fdisk /dev/vdb
# partprobe
# cat /proc/partitions
# pvcreate /dev/vdb1
# vgcreate -s 16 redhat /dev/vdb1
# lvcreate -l 15 -n fedora redhat
# mkdir /test
# mkfs.vfat /dev/redhat/fedora
# mount /dev/redhat/fedora /test/
# df -hT
# vim /etc/fstab
# mount -a
# echo $?
########################################
Question 3 | USERS, GROUPS AND PERMISSIONS:
a. Create a group named "manager".
b. The users sarah and harry should belong to the "manager" group as a secondary group.
The user natasha should have a non-interactive shell and should not be a member of the "manager" group.
The password for all users created should be "redhat123".
ANS
# groupadd manager
# useradd -G manager sarah
# useradd -G manager harry
# useradd -s /sbin/nologin natasha
# passwd sarah
# passwd harry
# passwd natasha
########################################
Question 4 | DIRECTORY COLLABORATION:
Create the directory "/home/manager" with the following characteristics.
Group ownership of "/home/manager" should go to the "manager" group.
The directory should have full permissions for all members of the "manager" group but not for any other users except "root".
Files created under "/home/manager" should automatically have their group ownership set to the "manager" group.
ANS
# mkdir /home/manager
# chgrp manager /home/manager
# chmod 770 /home/manager
# chmod g+s /home/manager
########################################
Question 5 | UPDATE THE KERNEL:
Install the appropriate kernel from http://classroom.example.com/pub/.
Your machine should boot with the updated kernel.
ANS
Open firefox or use wget http://classroom.example.com/pub/kernel.....
# cd Download
# uname -r
# rpm -ivh kernel
# reboot
# vim /etc/grub.conf
########################################
Question 6 | CRON JOB
The user sarah must configure a cron job that runs daily at 14:23 and executes /bin/echo "welcome".
The user max should not be allowed to schedule cron jobs.
ANS
# useradd sarah
# echo "redhat" | passwd --stdin sarah
# su - sarah
sarah$ crontab -e
23 14 * * * /bin/echo "welcome"
:wq!
# systemctl restart crond
# systemctl enable crond
# vim /etc/cron.deny
max
:wq!
########################################
Question 7 | RESIZE LVM: (Please check whether it is asking for reducing or extending)
Resize the LVM "/dev/vgsrv/home" so that after reboot the size is between 90MB and 120MB.
The filesystem will be "ext4".
########## Steps for extending ##########
# lvextend -L 110M /dev/vgsrv/home
# resize2fs /dev/vgsrv/home
########## Steps for reducing ##########
# umount /dev/vgsrv/home
# e2fsck -f /dev/vgsrv/home
# resize2fs /dev/vgsrv/home 96M
# lvreduce -L 96M /dev/vgsrv/home
# mount /dev/vgsrv/home
# df -hT
########################################
Question 8 | LDAP
Note the following.
BASE DN: dc=example,dc=com
LDAP path: ldap://classroom.example.com
Download the certificate from "http://classroom.example.com/pub/EXAMPLE-CA-CERT".
ldapuserX should be able to log in to your system, where "X" is your system number.
ANS
# yum install authconfig-gtk.x86_64 sssd -y
# system-config-authentication
In the dialogue box:
  LDAP search base DN: type in the box --> dc=example,dc=com
  LDAP server: type in the box --> ldap://classroom.example.com/
  Tick "Use TLS", then choose "Download the certificate" and type in the box:
  http://classroom.example.com/pub/EXAMPLE-CA-CERT
  Apply, apply.
# getent passwd ldapuserX
# su - ldapuserX
If the bash prompt appears, you have configured LDAP correctly (do not worry about the error; it needs an automount, which we have not configured yet).
########################################
Question 9 | "NTP" CLIENT:
Configure your system as an "NTP" client for "classroom.example.com".
ANS
# vim /etc/chrony.conf
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
Delete the first 3 pool entries, but do not delete the fourth one; observe the change:
server classroom.example.com iburst
:wq
# systemctl restart chronyd.service
# sleep 30
# timedatectl
########################################
Question 10 | NFS Automount
Note the following.
classroom.example.com "NFS exports" /home/guests to your system, where "x" is your station IP.
Ldapuser's home directory is classroom.example.com:/home/guests/ldapuserx.
Ldapuser's home directory should be automounted locally beneath /home/guests/ldapuserx.
The home directory should be accessible from your system only while logged in as any of the ldapusers (ldapuserX).
ANS
# yum install autofs -y
# vim /etc/auto.master
(add at the end)
/home/guests /etc/auto.misc
:wq!
# vim /etc/auto.misc
ldapuserX -rw classroom.example.com:/home/guests/ldapuserX
:wq!
# systemctl restart autofs
# systemctl enable autofs
# su - ldapuserX
[ldapuser11@server11 ~]$ pwd
/home/guests/ldapuser11
########################################
Question 11 | ACL
Copy the file /etc/fstab to /var/tmp/fstab and configure the "ACL" as mentioned below.
The file /var/tmp/fstab is owned by "root".
The file /var/tmp/fstab belongs to the group "root".
The file /var/tmp/fstab should not be executable by others.
The user "sarah" should be able to read and write to the file.
The user "harry" can neither read nor write to the file.
Other users (future and current) should be able to read /var/tmp/fstab.
# cp /etc/fstab /var/tmp/fstab
# setfacl -m u:sarah:rw /var/tmp/fstab
# setfacl -m u:harry:--- /var/tmp/fstab
# getfacl /var/tmp/fstab
########################################
Question 12 | CONFIGURE FTP SERVER:
Configure FTP access from your system.
Clients should have anonymous access to your system.
ANS
# yum install vsftpd* -y
# systemctl restart vsftpd
# systemctl enable vsftpd
########################################
Question 13 | ADD USERS:
Create the user julie with uid 4332 and password "anaconda".
ANS
# useradd -u 4332 julie
# echo "anaconda" | passwd --stdin julie
########################################
Question 14 | EXTEND SWAP SPACE:
Extend the swap space to 250MiB.
ANS
# fdisk /dev/vdb
press n (p,l) enter --> enter --> enter --> enter --> type +250M, enter
select t to set the partition type; the swap id is 82
w
# partprobe
# mkswap /dev/vdb7
After the swap partition is set up it prints a UUID; copy it and paste it into fstab.
# vim /etc/fstab
/dev/vdb7 swap swap defaults 0 0
:wq
# swapon /dev/vdb7
# mount -a ; echo $?
# free -m
########################################
Question 15 | LOCATE THE FILES:
Locate the files owned by "julie" and copy them to the /root/john directory.
ANS
# mkdir -p /root/john
# find / -user julie -exec cp -rvpf {} /root/john \;
########################################
Question 16 | GREP
List all lines which contain the string ip in the "/usr/share/dict/words" file and copy the lines to /root/found.
ANS
# grep "ip" /usr/share/dict/words > /root/found
########################################
Question 17 | ARCHIVE
Archive /etc/hosts to /var/tmp/archive.tar.bz2
ANS
# tar cjf /var/tmp/archive.tar.bz2 /etc/hosts
########################################
RHCE:
=====
RHCE (Ex-300) on RHEL 7
Full Marks = 300    Pass Mark = 210    Time = 3.5 hours
***************************** RHCE EXAM *****************************
YOUR CLASSROOM YUM BASEURL
http://content.example.com/rhel7.0/x86_64/dvd
----------------------------------------
Question 1 > Set SELinux in Enforcing mode
Set the SELinux policy from Permissive to Enforcing on both sides.
________________________________________
Customize the user environment on both systems.
Q-2. Create a custom command called "qstat" on both system1 and system2 that runs the command '/usr/bin/ps -Ao pid,tty,user,fname,rsz'.
That command should be available to all users on the system.
________________________________________
Question 3 > Configure ssh:
Configure the ssh server on serverX.example.com; domain.my113t.org should not have ssh access.
________________________________________
Question 4 | Configure IPv6 on both serverX & desktopX
Configure IPv6 on both serverX.example.com & desktopX.example.com according to the following IPs.
serverX.example.com  - fddb:fe2a:ab1e::c0a8:X/64
desktopX.example.com - fddb:fe2a:ab1e::c0a8:20+X/64
Note: 'X' indicates your system number.
________________________________________
Question 5 > Configure Network Teaming (reaggregation) on both sides.
Configure network teaming on system1 and system2 using two devices called eno1 and eno2.
The serverX IP address is 192.168.0.100/24 and the desktopX IP address is 192.168.0.200/24.
________________________________________
Question 6 > Port forwarding:
Configure PORT FORWARDING of incoming connections on port 513/tcp on the firewall to port 132/tcp on network 192.168.0.0/24.
________________________________________
Q-7. Configure mail on both system1 and system2.
--> Do not accept incoming mail from external sources.
--> All mail sent locally on this system is automatically routed to server1.group11.example.com
--> Mail sent from these systems should show up as coming from group11.example.com
--> You may test by sending mail to "another"
--> The system server1.group11.example.com is configured to drop mail for this user http://system1/received mail.
________________________________________
Question 8 > NFS Server:
Export your "/public" directory via NFS to the example.com domain.
Make sure that clients in the example.com domain have read-only permission in /public.
________________________________________
Configure secure NFS server.
****************************
Q-9. Export your "/publicshare" directory using Kerberos via NFS to the example.com domain.
Make sure that clients in the example.com domain have read and write permission for the directory /publicshare.
Create a subdirectory publicsecure under publicshare and make sure ldapuserX has read & write access over the publicsecure directory.
Use the keytab for system1: http://classroom.exampe.com/pub/keytabs/serverX.keytab
NFS mounts.
***********
Q-10.
a) Mount /public permanently on /mnt/secure on system2.
b) Mount the secure NFS share /publicshare permanently on /mnt/securepath on system2.
--> Verify that the user ldapuser1 has read and write access on /mnt/securepath on system2, and use the keytab file http://classroom.example.com/pub/keytabs/desktopX.keytab
________________________________________
Question 11 > Configure SAMBA SHARE:
Q-11. Share the directory "/common" via samba. Your samba server must be a member of the "Staff" workgroup.
--> The share name must be "common". Make sure that browsable is enabled.
--> The share must be available to example.com clients.
--> The user "Harry" should have read access to the share with samba
________________________________________
Configure Samba Share.
**********************
Share a directory /secure via samba with the share name secure and make sure the browseable option is enabled.
--> The share must be available to example.com clients.
--> The user "rob" should have read access to the share with samba password "animous", and the user "robby" should have read and write access to the share with samba password "animous".
________________________________________
Multiuser Samba mount.
**********************
Q-13. Mount the samba share /secure permanently on /mnt/secure
--> Mount port on system2 as a multiuser mount.
--> Mount the samba share with the credentials of user rob and password "animous"
________________________________________
Question 14 > Configure "web server":
----------------------------------------
Q-14. Configure system1 as a "web server" for the site http://serverX.example.com
--> Download the web page station.html from http://classroom.example.com/pub/updates/station.html
--> Rename the downloaded page as index.html.
--> Copy the index.html file to the "document root" and do not modify it.
ii) Make sure the web site is allowed to example.com only and denied to the my133t.org domain.
________________________________________
Question 15 > Configure "web server":
Create the directory "confidential" under the DocumentRoot of your webserver.
Download the page "host.html" from http://classroom.example.com/pub/updates/host.html and move it as index.html. It should be accessible to localhost only and not to any other host.
________________________________________
Question 16 > Configure name virtual hosting server:
Configure the name virtual hosting server for the site http://wwwX.example.com.
Download the page "www.html" from http://classroom.example.com/pub/updates/www.html and rename it as index.html under the DocumentRoot "/var/www/virtual".
The user called rock should be able to add content to the /var/www/virtual directory.
________________________________________
Question 17 > Configure wsgi web server:
Configure a "wsgi" web server with site name "webappX.example.com" and download the dynamic WSGI content from http://classroom.example.com/pub/updates/webpp.wsgi and store it inside the virtual web server DocumentRoot of your webserver. Do not affect the virtual web server.
The port should be 8999 and clients should access the web site using webappX.example.com:8999.
________________________________________
17: Configure SSL web server
Configure a secure web server with site name http://serverX.example.com; the web site needs to be protected with TLS. The certificate can be downloaded from:
http://classroom.example.com/pub/example-ca.crt
http://classroom.example.com/pub/tls/private/serverX.key
http://classroom.example.com/pub/tls/certs/serverX.crt
________________________________________
Question 19 > CONFIGURE "target server":
Configure the target server using the iqn iqn.201502.com.example.group11:system1 and a 3G backing store device, volume group name iscsi_storage.
The iscsi storage should be available to the desktopX.example.com system only.
________________________________________
20: Configure iscsi client.
Create a new 2024Mb iscsi target on your desktopX.example.com machine. This target should be called iqn.201409.com.example.group11:system1; assign the file system ext4 and mount it under the /mnt/iscsi directory.
________________________________________
Question 21 > Configure mariadb.
Install the mariadb database; the root user password is animous. The database should be accessible only from localhost.
Create a "Contacts" database and restore the database backup http://classroom.example.com/pub/updates/mariadb.dump.
The user rob can query and access the "contacts" database using the password "animous".
________________________________________
Question 22 > List the information of the users who have the password=animous from the user table. The user table is located in the mysql database. Store the result in the file named password.txt in the location /mnt
________________________________________
Question 23 > Script:
Write the script called /root/script.
If you pass the argument "redhat" it should print "fedora".
If you pass the argument "fedora" it should print "redhat".
If you pass no argument, or an argument other than "redhat" and "fedora", it will print to standard error "/root/script redhat|fedora".
________________________________________
Q-24. Create a script on system1.
--> It should take a single argument, which is the name of a file that contains usernames.
--> If the argument is not supplied it should display usage: /root/batchusers and exit.
--> If a non-existent file is specified, it should display file not found.
--> Accounts should be created with login shell /bin/false
--> The script does not need to set a password.
===Paper 2 with solutions=== (RHCE):
First modify the network into static mode.
Second, do the yum client.
Then do the solutions.
No need to reset the root password in the RHCE part.

Question#1 (Do it on both systems)
Set SELinux in Enforcing mode
------------------------------
Set the SELinux policy from Permissive to Enforcing on both sides.
----------
# vim /etc/selinux/config
SELINUX=permissive

mkdir coss
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \coss
smb: \>
# smbclient //server10/secure -U robby
Enter robby's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir coss
smb: \> exit
# vim /root/smb
username=robby
password=redhat
:wq
# mkdir /mnt/securedata
# vim /etc/fstab
//server10/secure /mnt/securedata cifs defaults,credentials=/root/smb,multiuser,sec=ntlmssp 0 0
:wq
# su - robby
[robby@desktop10 ~]$ cifscreds add server10
Password:
(Provide the same samba user credentials that were created on the server side (robby, rob).)
In the securedata directory, try to create a file:
[robby@desktop10 securedata]$ touch file12
[robby@desktop10 securedata]$ ls
file12
###############done###################
IF YOU GET AN ERROR MESSAGE LIKE THE FOLLOWING ON touch file12, PLEASE TROUBLESHOOT IT:
touch: cannot touch ‘file1’: Permission denied
############################
##################### WEB SERVER ################
Question#13
Configure "web server":
----------------------------------------
--> Configure system1 as a "web server" for the site http://serverX.example.com
--> Download the web page station.html from http://classroom.example.com/pub/updates/station.html
--> Rename the downloaded page as index.html.
--> Copy the index.html file to the "document root" and don't modify
a. Make sure the web site is allowed for example.com only and denied to the my133t.org domain.
!!!!!!!!!!!!
Solution
---------
#yum install httpd* -y
#systemctl enable httpd.service
#systemctl restart httpd.service
#firewall-cmd --permanent --add-service=http
success
#firewall-cmd --reload
success
#rpm -qd httpd (run this command)
#cat /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
(read this file, copy the last 7 lines and paste them in /etc/httpd/conf/httpd.conf with vim, from line 354)
######################### paste is here
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "@@ServerRoot@@/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "/var/log/httpd/dummy-host2.example.com-error_log"
CustomLog "/var/log/httpd/dummy-host2.example.com-access_log" common
and please observe the changes
(X is your system number)
<VirtualHost 172.25.X.11:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>
[these are the file lines you have to remember]
Order deny,allow
Deny from .my133t.org
Allow from .example.com
!!!!!!!
Now download the web page station.html from http://classroom.example.com/pub/updates/station.html
#wget -O index.html http://classroom.example.com/pub/updates/station.html (run this command)
#systemctl restart httpd.service
#curl -k http://serverX.example.com (better to use firefox)
(((((((((((((((Done)))))))))))))))
Question#14
Configure "web server":
--------------------------
Create the directory "confidential" for the DocumentRoot of your webserver.
Download the page "host.html" from http://classroom.example.com/pub/updates/host.html and move it as index.html. It should be accessible to localhost only and not to any other host.
-----------------------------------------------------------------------------------------
#mkdir /var/www/html/confidential
N.B--Again open the configuration file and copy from the
[these are the file lines you have to remember]
Order deny,allow
Deny from .my133t.org
Allow from .example.com
please observe the changes
<Directory /var/www/html/confidential>
Order deny,allow
Deny from all
Allow from serverX.example.com
</Directory>
:wq
Now download the page "host.html" from http://classroom.example.com/pub/updates/host.html
#wget -O index.html http://classroom.example.com/pub/updates/host.html (run this command, no need to rename again)
#systemctl restart httpd.service
Open firefox from the desktop or foundation machine: it should be forbidden. If it is browsable, there is a mistake in your configuration.
It will only browse with serverX.example.com
(((((((((((((((Done)))))))))))))))
Question#15
Configure name virtual hosting server:
--------------------------------------
Configure the name virtual hosting server for the site http://wwwX.example.com.
Download the page "www.html" from http://classroom.example.com/pub/updates/www.html and rename it as index.html under the DocumentRoot "/var/www/virtual".
A user called rock should be able to add some content into the /var/www/virtual directory.
Solution
#########
#mkdir /var/www/virtual
#cd /var/www/virtual
#wget -O index.html http://classroom.example.com/pub/updates/www.html
copy the beginning 5 lines from the main web server configuration and observe the changes
(X is your system number)
<VirtualHost 172.25.X.11:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>
and
changes (X is your system number)
<VirtualHost 172.25.X.11:80>
ServerAdmin [email protected]
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>
#systemctl restart httpd.service
#useradd rock
#setfacl -m u:rock:rwx /var/www/virtual
#su - rock
#vim /var/www/virtual/rock.html
Rock is modifying the virtual content
:wq
#systemctl restart httpd.service
first browse in firefox: http://wwwX.example.com
then browse in firefox: http://wwwX.example.com/rock.html
(((((((((((DONE)))))))))))
Question#17
configure ssl web server
-----------------------------
Configure a secure web server with the site name http://serverX.example.com; the web site will need to be protected with SSL. Download the certificates from the following locations
http://classroom.example.com/pub/example-ca.crt
http://classroom.example.com/pub/tls/private/serverX.key
http://classroom.example.com/pub/tls/certs/serverX.crt
#solution
----------
# yum install mod_ssl -y
#firewall-cmd --permanent --add-service=https
success
#firewall-cmd --reload
success
---->download the keys to the locations below (please download only .crt extension keys in this directory)
#cd /etc/pki/tls/certs/
#wget http://classroom.example.com/pub/example-ca.crt
#wget http://classroom.example.com/pub/tls/certs/serverX.crt
#cd /etc/pki/tls/private
#wget http://classroom.example.com/pub/tls/private/serverX.key
Now run the command
# egrep 'SSLC|SSLE|SSLP' /etc/httpd/conf.d/ssl.conf
and copy from "SSLEngine on" to server-chain.crt; delete whatever is commented with #, except the server-chain.crt line (just uncomment it)
Step#1
copy the first 5 lines from the beginning and observe the changes
(X is your system number)
<VirtualHost 172.25.X.11:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>
Step 2
(whatever you copied from egrep 'SSLC|SSLE|SSLP' /etc/httpd/conf.d/ssl.conf) please paste in the middle
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
# Point SSLCertificateFile at a PEM encoded certificate. If
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Point SSLCertificateChainFile at a file containing the
# the referenced file can be the same as SSLCertificateFile
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
final changes, please observe (80 changed to 443)
(X is your system number)
<VirtualHost 172.25.X.11:443>
ServerAdmin [email protected]
DocumentRoot /var/www/html
ServerName serverX.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
(X is your system number)
ServerAdmin [email protected]
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
and observe the changes
<VirtualHost 172.25.X.11:80> change 80 to 8999 (X is your system number)
ServerAdmin [email protected]
help grant; and copy the below line
MariaDB [(none)]> CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
*****please observe the changes*****
MariaDB [(none)]> CREATE USER 'rob'@'localhost' IDENTIFIED BY 'redhat';
MariaDB [(none)]> help grant;
and copy the below line
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
**************please observe the changes**************
MariaDB [(none)]> GRANT SELECT ON content.* TO 'rob'@'localhost';
now exit from the database: type exit;
##step2#######
download a database from http://classroom.example.com/pub/materials/mariadb/mariadb.dump
# mysql -u root -predhat content < /root/mariadb.dump
#mysql -u rob -predhat content
MariaDB [content]> show tables;
+-------------------+
| Tables_in_content |
+-------------------+
| category          |
| manufacturer      |
| product           |
+-------------------+
3 rows in set (0.00 sec)
MariaDB [content]> select * from category where id=1;
+----+------------+
| id | name       |
+----+------------+
|  1 | Networking |
+----+------------+
1 row in set (0.00 sec)
################ copy the output and paste in a file.txt ################
Question#18
CONFIGURE "target server"
--------------------------
Configure the target server using the iqn iqn.2015-02.com.example:system1 and a 3G backing store device with the volume group name iscsi_storage. The iscsi storage should be available to the desktopX.example.com system only.
Solution:
----------
@Server
-------
#yum install targetcli.noarch -y
#systemctl enable target
#systemctl restart target
#firewall-cmd --permanent --add-port=3260/tcp
#firewall-cmd --reload
#fdisk /dev/vdb
Command (m for help): n
Select (default p): e
Partition number (1-4, default 1):(enter)
First sector (2048-20971519, default 2048):(enter)
Last sector, +sectors or +size{K,M,G} (2048-20971519, default 20971519):(enter)
(Partition 1 of type Extended and of size 10 GiB is set)
Command (m for help): n
First sector (4096-20971519, default 4096):(enter)
Last sector, +sectors or +size{K,M,G} (4096-20971519, default 20971519):+3G
Partition 5 of type Linux and of size 3.4 GiB is set
Command (m for help): t
Partition number (1,5, default 5):(enter)
Hex code (type L to list all codes): 8e
Command (m for help): p
Command (m for help): w
#partprobe
#pvcreate /dev/vdb5
#vgcreate iscsi_storage /dev/vdb5
#lvcreate -n storage -l 100%FREE iscsi_storage
#targetcli
/> ls (you will get output like this below)
o- / ......................................................... [...]
  o- backstores .............................................. [...]
  | o- block .................................. [Storage Objects: 0]
  | o- fileio ................................. [Storage Objects: 0]
  | o- pscsi .................................. [Storage Objects: 0]
  | o- ramdisk ................................ [Storage Objects: 0]
  o- iscsi ............................................ [Targets: 0]
  o- loopback ......................................... [Targets: 0]
/> /backstores/block create iscsi_storage /dev/iscsi_storage/storage
/> /iscsi create iqn.2015-02.com.example:serverX
/> ls (observe the changed output now)
o- / ......................................................... [...]
  o- backstores .............................................. [...]
  | o- block .................................. [Storage Objects: 1]
  | | o- iscsi_storage [/dev/iscsi_storage/storage (3.0GiB) write-thru deactivated]
  | o- fileio ................................. [Storage Objects: 0]
  | o- pscsi .................................. [Storage Objects: 0]
  | o- ramdisk ................................ [Storage Objects: 0]
  o- iscsi ............................................ [Targets: 1]
  | o- iqn.2015-02.com.example:serverX ................... [TPGs: 1]
  |   o- tpg1 ............................... [no-gen-acls, no-auth]
  |     o- acls .......................................... [ACLs: 0]
  |     o- luns .......................................... [LUNs: 0]
  |     o- portals .................................... [Portals: 0]
  o- loopback ......................................... [Targets: 0]
/> /iscsi/iqn.2015-02.com.example:system1/tpg1/acls create iqn.2015-02.com.example:desktopX
/> /iscsi/iqn.2015-02.com.example:system1/tpg1/luns create /backstores/block/iscsi_storage
/> /iscsi/iqn.2015-02.com.example:system1/tpg1/portals create 172.25.X.11
/> ls (you should get final output like this)
o- / ......................................................... [...]
  o- backstores .............................................. [...]
  | o- block .................................. [Storage Objects: 1]
  | | o- iscsi_storage [/dev/iscsi_storage/storage (3.0GiB) write-thru activated]
  | o- fileio ................................. [Storage Objects: 0]
  | o- pscsi .................................. [Storage Objects: 0]
  | o- ramdisk ................................ [Storage Objects: 0]
  o- iscsi ............................................ [Targets: 1]
  | o- iqn.2015-02.com.example:serverX ................... [TPGs: 1]
  |   o- tpg1 ............................... [no-gen-acls, no-auth]
  |     o- acls .......................................... [ACLs: 1]
  |     | o- iqn.2015-02.com.example:desktopX ...... [Mapped LUNs: 1]
  |     |   o- mapped_lun0 ........ [lun0 block/iscsi_storage (rw)]
  |     o- luns .......................................... [LUNs: 1]
  |     | o- lun0 [block/iscsi_storage (/dev/iscsi_storage/storage)]
  |     o- portals .................................... [Portals: 1]
  |       o- 172.25.X.11:3260 ................................. [OK]
  o- loopback ......................................... [Targets: 0]
/> saveconfig
/> exit
#systemctl restart targetd
#################################
Question#19
Configure iscsi client.
-----------------------
Create a new 2024Mb iscsi target on your DesktopX.example.com machine. This target should be called iqn.2015-02.com.example:system1, be assigned the file system ext4 and be mounted under the /mnt/iscsi directory.
@Client side (Desktop)
-------------------
#yum install iscsi-initiator-utils.i686 -y
#systemctl enable iscsid.service
#vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2015-02.com.example:serverX
:wq!
#systemctl restart iscsid.service
#man iscsiadm (in a new terminal or tab)
go to the end of the page and copy this line
iscsiadm --mode discoverydb --type sendtargets --portal 192.168.1.10 --discover
and make the following changes
#iscsiadm --mode discoverydb --type sendtargets --portal 172.25.X.11 --discover
Again copy this line and make the following changes as below
iscsiadm --mode node --targetname iqn.2001-05.com.doe:test --portal 192.168.1.1:3260 --login
observe the changes
#iscsiadm --mode node --targetname iqn.2015-02.com.example:serverX --portal 172.25.X.11:3260 --login
#fdisk -l (it should show another drive as local storage i.e. /dev/sda)
#fdisk /dev/sda
Command (m for help): n
Select (default p): p
Partition number (1-4, default 1):(enter)
First sector (8192-6291455, default 8192):(enter)
Last sector, +sectors or +size{K,M,G} (8192-6291455, default 6291455): +2024M
Command (m for help): p
Command (m for help): w
#partprobe
#mkfs.ext4 /dev/sda1
#mkdir /mnt/iscsi
#blkid (copy the UUID of /dev/sda1)
#vim /etc/fstab
UUID="25ad4e73-bc45-48e2-8f99-1891fc096c29" /mnt/iscsi ext4 _netdev 0 0
:wq!
#mount -a
#df -H
#iscsiadm --mode node --targetname iqn.2015-02.com.example:system1 --portal 172.25.X.11:3260 --logout
(use the same command that was used to log in, changing it to logout)
#reboot
#df -H (check whether /dev/sda1 is still mounted or not; if yes then it is successful)
((((((((((((((((DONE))))))))))))))))
Question#21
Script:
-------
Write the script called /root/script. If you pass an argument as "redhat" it should print "fedora". If you pass an argument as "fedora" it should print "redhat". If you pass any argument other than "redhat" or "fedora" it will print standard error "STDERR|redfed".
#!/bin/bash
if [ "$1" == "redhat" ]
then
    echo "fedora"
elif [ "$1" == "fedora" ]
then
    echo "redhat"
else
    echo "STD|ERR-red/fed"
fi
:wq
#chmod +x /root/script1.sh
# sh /root/script1.sh redhat (o/p=fedora)
# sh /root/script1.sh fedora (o/p=redhat)
# sh /root/script1.sh ganesh
STD|ERR-red/fed
#############################done#############################
Question#22
Create a script on DesktopX.
--------------------------------
--> It should take a single argument, which is the name of a file that contains usernames.
--> If the argument is not supplied it should display usage :/root/batchusers and exit.
--> If a non-existent file is specified, it should display "file not found."
--> Accounts should be created with no login shell: /bin/false
--> Script does not need to set password.
#!/bin/bash
# One argument is expected: a file that contains the usernames.
if [ $# -eq 0 ]
then
    echo "usage: /root/batchusers"
    exit 1
elif [ -f "$1" ]
then
    for x in $(cat "$1")
    do
        # the task asks for /bin/false as the shell
        useradd -s /bin/false "$x"
    done
else
    echo "file not found"
fi
:wq
#vim coss
user1
user2
user3
:wq
#sh /root/script2.sh coss (it will add the users)
#cd /home
########################DONE########################
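The batch-user script above runs as root and hands every word of the input file to useradd, so a line that starts with "-" would be parsed as a useradd option and a malformed line would produce a partial run. The following is an added example, not part of the original page: it validates each name and prints the useradd commands it would run, without creating anything. The function names and the conservative name pattern are assumptions.

```shell
#!/bin/sh
# Added example: validate names from a batch file before any account is created.
LC_ALL=C; export LC_ALL              # make the a-z ranges below byte-exact

# valid_username NAME -> status 0 only for a conservative login name:
# starts with a lowercase letter or "_", then [a-z0-9_-], at most 32 characters.
valid_username() {
    case $1 in
        ''|-*)         return 1 ;;   # empty, or would be read as an option
        *[!a-z0-9_-]*) return 1 ;;   # spaces, uppercase, ":" and so on
        [0-9]*)        return 1 ;;   # must not start with a digit
    esac
    [ "${#1}" -le 32 ]
}

# plan_batch_users FILE [PASSWD_FILE]
#   prints one line per entry: the useradd command to run, or why it is skipped.
#   Returns 2 if FILE does not exist.
plan_batch_users() {
    file=$1
    passwd=${2:-/etc/passwd}
    [ -f "$file" ] || { echo "file not found" >&2; return 2; }
    # "|| [ -n ... ]" keeps a last line that has no trailing newline
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        if ! valid_username "$name"; then
            printf 'SKIP invalid name: %s\n' "$name"
        elif grep -q "^$name:" "$passwd"; then
            printf 'SKIP already exists: %s\n' "$name"
        else
            # "--" ends option parsing, so the name can never act as a flag
            printf 'useradd -s /bin/false -- %s\n' "$name"
        fi
    done < "$file"
}

# Demo on a constructed name list: run this script with --demo.
demo() {
    d=$(mktemp -d)
    printf 'user1\n-o\nroot\nbad name\nuser2\n' > "$d/names"
    plan_batch_users "$d/names"
    rm -rf "$d"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Review the printed plan, then pipe the useradd lines to sh as root to apply them.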