चह जतन अछ कर कल तफ त लग सरशन रम ह क ग... ...
[email protected]#: ========================= Dont Break the passwd here login with Root Account #change the hostname as static #Modify the !" as static # $um %lient &uestion#' (Do it in )oth the systems* +et +elinu, in -nforcing mode +et the selinu, policy !ermissi/e to -nfrocing on )oth sides. #/im 0etc0selinu,0config +-1234=permissi/e 5 change permissi/e to -nforcing :w6 #setenforce '7 systemctl re)oot done &uestion#8 %ustomi9e the user en/ironment on )oth systems. %reate a custom command called 6stat on )oth system' and system8 that runs the command 0usr0)in0ps Ao pid;tty;user;fname;rs9 0usr0)in0ps Ao pid;tty;user;fname;rs9> :w6 #source 0etc0)ashrc #6stat ????????????????????????????????????????????????????????????????????????? done????????????????????? &uestion# %onfigure ssh on )oth the systems. %onfigure ssh ser/er on ser/er4.e,ample.com and domain.my''t.org should not ha/e ssh access. solution #/im 0etc0hosts.deny sshd: .my't.org :w6 #systemctl restart sshd ????????????????????????????????????done??????????????????????? &uestion# %onfigure ip/ %onfigure !" on )oth desktop4 and ser/er4 on eth de/ice; this should not effect !" network. n ser/er4 !" should )e fdd):fe8a:a)'e::caC:'0 .n desktop4 !" fdd):fe8a:a)'e::caC:80 should )e
and after re)oot )oth !" and !" should )e a)le to communicate on )oth sides. +olution: @ser/er: #nmcli connection modify +ystem eth ip/.addresses >fdd):fe8a:a)'e::caC:'0> ip/.method static #nmcli connection down +ystem eth #nmcli connection up +ystem eth after re)oot try to ping to the )elow ip #ping fdd):fe8a:a)'e::caC:8(if it is pinging then ok* @%lient: #nmcli connection modify +ystem eth ip/.addresses >fdd):fe8a:a)'e::caC:80> ip/.method staticile: 0 #nmcli connection reload #systemctl restart network after re)oot try to ping to the )elow ip #ping fdd):fe8a:a)'e::caC:'(if it is pinging then ok* EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE EEEEEEEEEEEEEEEEEEEEEEEEEEE &uestion#F %onfigure 2etwork Irunner: Iname:acti/e)ackupJJ> #nmcli connection show #nmcli connection add type teamsla/e conname ganesh ifname eth' master team #nmcli connection add type teamsla/e conname ganesh ifname eth8 master team #nmcli connection modify team ip/.addresses >'G8.'C..'08> #nmcli connection reload #systemctl restart network #teamdctl team state setup: runner: acti/e)ackup ports: eth' link watches: link summary: up instanceKlinkEwatchEL: name: ethtool link: up eth8 link watches: link summary: up instanceKlinkEwatchEL: name: ethtool link: up runner: acti/e port: eth' #############################################done################################## ####################### &uestion#
port forwarding: %onfigure !R< RNARD2O incomming connection on port F'0tcp on the firewall to port '0tcp on network 'P8.8F..08. #firewallcmd permanent addrichrule=>rule family=ip/ source address='P8.8F..08 forwardport port=F' protocol=tcp toport='> #firewallcmd reload ??????????????????????????????????????????????????????? done?????????????????????????????????????''' &uestion#P %onfigure mail on )oth system' and system8. Q Do not accept incoming mail from e,ternal sources. Q All mail sent locally on this system automatically routed to system'.group'.e,ample.com Q Mail sent from these systems should show up as comming from group'.e,ample.com Q $our ma, test )y sending mail to >another #la) smtpnullclient setup(do in the la) not in e,am* +etting up ser/er machine... +etting up mutt... #####if pkg is not installed #### # rpm 6a grep postfi, postfi,8.'.'.elP.,CE # yum install postfi, yS% # systemctl ena)le postfi,S% # systemctl restart postfi,S% # firewallcmd addser/ice=smtp permanent # firewallcmd reload steps you ha/e remem)er and do the same desktop in e,am(system8* #postconf e inetEinterfaces=loop)ackonly # postconf e mydestination= # postconf e relayhost=Ksmtp'.e,ample.comL # postconf e myorigin=e,ample.com # postconf e localEtransport=error: local deli/ery disa)led # postconf e mynetworks='8P...0C K::'L0'8C # systemctl restart postfi,.ser/ice # su student Kstudent@ser/er4 TLU mail s >Oanesh is configured smtp null client> student@desktop'.e,ample.com Vi t send the mails to me. )ecause its null client i can send to you . -< #######################done############### &uestion#C 2+ +er/er: -,port your 0pu)lic directory /ia 2+ to the e,ample.com domain. Make sure that client in e,ample.com domain should a)le to read only permission in 0pu)lic. &uestion#G %onfigure secure 2+ ser/er.
-,port your 0pu)licsecure directory with using Wer)oros /ia 2+ to the e,ample.com domain. Make sure client in e,ample.com domain shoud a)le to read and write prmission on 0pu)licsecure and create a su)directory called pu)licshare. a.pu)licshare directory owner should )e ldapuser4 and ldapuser4 user should a)le to read and write not to any other . ).Download keyta) for the ser/er from the is url http:00classroom.e,ampe.com0pu)0keyta)s0ser/er4.keyta) EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE EEEEEEEEEEEEEEEEEEEEEEE &uestion#' 2+ mounts. a* Mount 0pu)lic permanently on the 0mnt0secure on the desktop4. )* Mount the secure nfs share 0pu)licsecure permanently on the 0mnt0securepath on desktop4. /erify that user ldapuser4 has read and write access on the 0mnt0securepath on the desktop4 Quse keyta) file http:00classroom.e,ample.com0pu)0keyta)s0desktop4.keyta) ############################# +olution of &uestionC and 'a 2+ share @+er/er machine #yum install nfs y #systemctl ena)le nfsser/er #systemctl restart nfsser/er #firewallcmd permanent addser/ice=nfs #firewallcmd permanent addser/ice=mountd #firewallcmd permanent addser/ice=rpc)ind #firewallcmd reload #mkdir 0pu)lic #/im 0etc0e,ports 0pu)lic 'P8.8F..0'(ro* in e,am your domain will )e fields #e,portfs r/ #showmount e ser/er4 @%lient(desktop* #yum install nfsutils y #showmount e ser/er4 #mkdir 0mnt0secure #/im 0etc0fsta) 'P8.8F.4.'':0pu)lic 0mnt0secure nfs defaults :w6 #mount a #df V +olution of &uestionG and '). 2+ with Wr)F @+er/er machine #la) nfskr)F setup(this is only for classroom* #yum install nfs y #systemctl ena)le nfssecureser/er
(please restart in this se6uence only* #systemctl restart nfsser/er #systemctl restart nfssecureser/er #firewallcmd permanent addser/ice=nfs (we already added at first &uestion* #firewallcmd permanent addser/ice=mountd #firewallcmd permanent addser/ice=rpc)ind #firewallcmd reload (use capital and keep the file as 0etc0kr)F.keyta) only* #wget 0etc0kr)F.keyta) http:00classroom.e,ample.com0pu)0keyta)s0ser/er4.keyta) #mkdir mPPP 0pu)licsecure #mkdir 0pu)licsecure0pu)licshare #chown ldapuser4 0pu)licsecure0pu)licshare0 #ls ld 0pu)licsecure0pu)licshare0 #ls ld 0pu)licsecure0 #/im 0etc0sysconfig0nfs at line no ' #R!%2+DARO+=" .8 (!lease use capital "* #/im 0etc0e,ports 0pu)licsecure 'P8.8F..0'(rw;sec=kr)Fp* #e,portfs r/ #showmount e 'P8.8F.4.'' ?????????????????????? @%lient(desktop* #la) nfskr)F setup (do not do it in e,am* #showmount e ser/er4 (use capital and keep the file as 0etc0kr)F.keyta) only* #wget 0etc0kr)F.keyta) http:00classroom.e,ample.com0pu)0keyta)s0desktop'.keyta) #systemctl ena)le nfssecure (2.B:only this one ser/ice need to restart at desktop or clinet not other 8ser/ices* #systemctl restart nfssecure #mkdir 0mnt0securepath #/im 0etc0fsta) 'P8.8F.4.'':0pu)licsecure 0mnt0securepath nfs defaults;sec=kr)Fp :w6 #mount a #ssh lpdauser4@localhost (password is ker)eros* Kldapuser'@ser/er' TLU df V Kldapuser'@ser/er' TLU cd 0mnt0securepath0pu)licshare in this directory ldapuser should write some content. mkdir coss touch file ((((((((((((((((((((((((((((((D2-****************************** &uestion#'' %onfigure +AMBA +VAR-: Q +hare the directory 0common /ia sam)a. $our sam)a ser/er must )e a mem)er of +taff workgroup. Q 7 please o)ser/e the changes MariaDB K(none*LQ%R-Aro)>@>localhost> D-2redhat>7 MariaDB K(none*LQhelp grant7 and copy the )elow line ORA2< +-1-%< 2 d)8.in/oice Heffrey>@>localhost>7 please o)ser/e the changes MariaDB K(none*LQORA2< +-1-%< 2 content. ro)>@>localhost>7
now e,it from the data)ase type e,it7 ##step8####### download a data)ase from http:00classroom.e,ample.com0pu)0materials0mariad)0mariad).dump # mys6l u root predhat content 5 0root0mariad).dump #mys6l u ro) predhat content MariaDB KcontentLQ show ta)les7 YY
