Carefully perform the following steps in the serverX virtual machine. Configure serverX so that it meets the following requirements. For all services, allow connections from the local subnet 192.168.0.0/24, but disallow connections from the 192.168.1.0/24 subnet. All the items will be checked after a reboot. The letter “X” in serverX, desktopX, wwwX, and ldapuserX should be replaced by your workstation number.
Complete the following tasks in 2 hours. Assume that you do not have root access to your desktopX during the exam. Use 192.168.0.254 as your DNS server and default gateway. Your package repository is at http://instructor.example.com/pub/rhel6/dvd
1. Configure serverX with a static IP address 192.168.0.X+100, where X is the number of your desktopX.example.com.
2. Configure SELinux to run in Enforcing mode.
3. Allow SSH connections from the local subnet.
4. Configure an SMTP server on serverX so that it allows connections from the local subnet. User jack should not be able to receive email, whereas user sysadmin should be in the administrator group and should be able to receive all mail destined for the root user.
5. Connect to the LDAP server, instructor.example.com, using the distinguished name (DN) of dc=example,dc=com for account information. The LDAP server requires secure connections using the certificate found at ftp://instructor.example.com/pub/EXAMPLE-CA-CERT. The LDAP server provides an account named ldapuserX. Use Kerberos passwords with the realm EXAMPLE.COM for authentication. Set the KDC and Admin servers to point to instructor.example.com. The Kerberos accounts have the password kerberos.
6. Configure an automounted home directory for the ldapuserX account so that it is writable. The home directory is shared via NFS from instructor.example.com.
7. Connect to the iSCSI target rdisks.serverX provided by instructor.example.com.
8. Remove all of the current partitions on the iSCSI disk. Configure a new 30 MB physical partition using the iSCSI target with an ext3 filesystem and a label of test, mounted on /test. The /test directory must be owned by the user root and the group root, and have a permission of 770. It should also be mounted persistently across reboots.
9. Configure NFS to share the /test directory. Make it read-write to the local subnet. Allow root to have root privileges when accessing the NFS share.
10. Create a user account named matt using a password of matt.
11. Create a user account named cindy using a password of cindy.
12. Create a group named admins that includes matt and cindy.
13. Configure Samba to share the /test directory using a share name of test. Make it readable for cindy (use a Samba password as password) and writable for matt (use a Samba password as password). Make sure the Linux permissions allow read/write as listed here, as well as meeting the user, group and permission requirements listed above.
14. Configure a secure web server using the certificate and key located at http://instructor/pub/materials/tls/certs/serverX.crt and http://instructor/pub/materials/tls/private/serverX.key. Make the web server use /myweb/index.html as the default web page. Configure the index.html file such that accessing the secure web site will present the following: Hello World!
15. Allow cindy and matt to write the /myweb/index.html file.
16. User cindy should not have permission to set up scheduled tasks.
17. Find all the files that are owned by cindy and copy them to the /root/cindy-backup folder.
18. Systems in the cracker.org domain should not be able to SSH to your serverX machine. The cracker.org domain network is 10.0.1.0/24.
19. Create a private directory /myweb/private that can only be accessed by desktopX.example.com via HTTP. The index.html page should contain “ServerX Private Data”.
20. Create a web site wwwX.example.com whose default web page displays “Welcome to wwwX”.
21. Set up a scheduled job to print memory information to a file mem.info in the home directory every day at 10:30 AM as matt.
22. Create a script in /usr/local/bin that displays “EX200” when you pass the command line argument “rhcsa” and “EX300” when you pass the command line argument “rhce”.
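Since all items are checked after a reboot, the following added example (not part of the original task sheet) checks the persistent side of three requirements: the SELinux mode, the /test mount, and cindy's cron restriction. The function names, the constructed sample files, and the `_netdev` requirement for the iSCSI-backed mount are assumptions of this example.

```shell
#!/bin/bash
# Added example: persistence checks for three of the tasks. Paths are passed
# as arguments so each check can run on the live files or on copies.

# SELinux: only the mode in /etc/selinux/config survives a reboot.
selinux_boot_mode() {      # $1 = config file
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t]/, "", $2); m = tolower($2) }
             END { print (m == "" ? "unset" : m) }' "$1"
}

# /test mount: needs an fstab entry; an iSCSI-backed filesystem should also
# carry _netdev so it is mounted only after the network is up (assumption).
fstab_entry_ok() {         # $1 = fstab, $2 = mount point, $3 = fs type, $4 = option
    awk -v mp="$2" -v fs="$3" -v opt="$4" '
        $1 !~ /^#/ && $2 == mp && $3 == fs {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) found = 1
        }
        END { exit !found }' "$1"
}

# Cron restriction: cron.deny is ignored when cron.allow exists.
cron_user_blocked() {      # $1 = non-root user, $2 = cron.allow, $3 = cron.deny
    if [ -e "$2" ]; then
        ! grep -qxF -- "$1" "$2"
    elif [ -e "$3" ]; then
        grep -qxF -- "$1" "$3"
    else
        return 0           # cronie: with neither file, only root may use crontab
    fi
}

# Constructed sample files (not taken from a real system).
demo() {
    d=$(mktemp -d) || return 1
    printf '# comment\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$d/selinux"
    printf 'LABEL=test /test ext3 _netdev 0 0\n' > "$d/fstab"
    printf 'cindy\n' > "$d/cron.deny"
    echo "SELinux mode at boot: $(selinux_boot_mode "$d/selinux")"
    fstab_entry_ok "$d/fstab" /test ext3 _netdev && echo "/test: persistent"
    cron_user_blocked cindy "$d/cron.allow" "$d/cron.deny" && echo "cindy: cron blocked"
    rm -rf "$d"
}
demo
```

On the real system the same functions take /etc/selinux/config, /etc/fstab, /etc/cron.allow and /etc/cron.deny as arguments.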