RHCSA EXAM RHEL7

We need to configure the system before starting the actual exam, with the following prerequisites:

YOU HAVE ONE SYSTEM WITH ONE VIRTUAL SYSTEM INBUILT.
PACKET FILTERING SHOULD NOT AFFECT THE NETWORK INTEGRITY.
USE THE STATIC IP:
- IP ADDRESS of desktopX - 172.25.X.10 and serverX - 172.25.X.11 ("X" refers to your system no.)
- NETMASK - 255.255.255.0
- GATEWAY - 172.25.X.254
- PRIMARY DNS - 172.25.254.254
- HOSTNAME - serverX.example.com and desktop ("X" refers to your system no.)
- DOMAIN NAME - example.com
- YUM BASEURL is baseurl=http://172.25.254.254/rhel7.0/x86_64/dvd
- The "root" user's password should be “redhatRHCSA”

Note: Either iptables or firewalld can be used to clear the exam; in this mock paper iptables has been used.
I) Breaking the root password.
Ans: Reboot the exam VM and bring the system to the GRUB menu. Press 'e' to edit the entry, add the words rd.break console=tty1 at the end of the linux16 line, and press Ctrl+x or F10 to boot. It boots and lands at a prompt; type the following commands:
a) # mount -o remount,rw /sysroot
b) # chroot /sysroot
c) # passwd root ( Enter the new password as prompted )
d) # touch /.autorelabel
e) # init 6 or reboot ( this will reboot the system )

II. Set up the network settings such as hostname, IP address, DNS etc. with the single TUI-based command.
Ans: # nmtui ( press the Enter key and follow the procedure )
# init 6
and then check the network settings.

III. Set up the yum client.
Ans: # vim /etc/yum.repos.d/yum.repo ( create this new file; the name can be anything, but with the extension .repo, and add the following lines )
[RHEL7]
baseurl=
gpgcheck=0
enabled=1
:wq!
# yum clean all
# yum repolist
# yum install ksh -y
Then click on the question tab and follow the questions.
1. Create the following users, groups and group memberships:
- Create a group named sysadmin
- A user saara who belongs to sysadmin as a secondary group.
- A user Natasha who also belongs to sysadmin as a secondary group.
- A user harry who does not have access to an interactive shell on the system, and who is not a member of sysadmin.
- Saara, Natasha and harry should all have the password of avaster.
Ans:
a) # groupadd sysadmin
# useradd -G sysadmin sara
# useradd -G sysadmin natasha
# useradd -s /sbin/nologin harry
# passwd sara
# passwd natasha
# passwd harry
----------------------------------------------------------------------------
2. Create a collaborative directory /shared/sysadmin with the following characteristics:
- Group ownership of /shared/sysadmin is sysadmin.
- The directory should be readable, writable and accessible to members of sysadmin, but not to any other user. (It is understood that root has access to all files and directories on the system.)
- Files created in /shared/sysadmin automatically have group ownership set to the sysadmin group.
Ans:
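One way to meet the three requirements above, as an added example that is not part of the original paper. The helper names make_shared_dir, has_group and check_shared_dir are hypothetical; the directory and group are passed as arguments.

```bash
# Added example (not from the original paper): setgid collaborative directory.

make_shared_dir() {                 # usage: make_shared_dir DIR GROUP
    dir=$1; group=$2
    mkdir -p -- "$dir" || return 1
    chgrp -- "$group" "$dir" || return 1
    # 2   = setgid: files created inside inherit the directory's group
    # 770 = rwx for owner and group, nothing for other users
    chmod 2770 -- "$dir" || return 1
}

has_group() {                       # true if PATH's group matches by name or gid
    case "$(stat -c '%G:%g' -- "$1")" in
        "$2":*|*:"$2") return 0 ;;
    esac
    return 1
}

check_shared_dir() {                # usage: check_shared_dir DIR GROUP
    dir=$1; group=$2
    [ "$(stat -c '%a' -- "$dir")" = "2770" ] || { echo "mode is not 2770"; return 1; }
    has_group "$dir" "$group" || { echo "wrong group on directory"; return 1; }
    # Create a probe file and confirm that it picked up the directory's group.
    probe=$(mktemp "$dir/.probe.XXXXXX") || return 1
    if has_group "$probe" "$group"; then rc=0; else rc=1; fi
    rm -f -- "$probe"
    [ "$rc" -eq 0 ] || echo "new files do not inherit the group"
    return "$rc"
}

# Exam usage (as root):
#   make_shared_dir /shared/sysadmin sysadmin
#   check_shared_dir /shared/sysadmin sysadmin && ls -ld /shared/sysadmin
```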
----------------------------------------------------------------------------
3. Install the appropriate kernel update from ftp://instructor.example.com/ftpupdates. The following must also be met:
- The updated kernel is the default kernel when the system is rebooted.
- The original kernel remains available and bootable on the system.
Ans: Edit the yum repo file and add the new baseurl below the current URL, save the file and type:
# yum clean all
# yum update kernel* -y
( this will install the new kernel without modifying the existing kernel and automatically modify the grub file as well )
Check the grub file and reboot the system; the new kernel entry will appear in the grub menu as the default boot entry, then allow it to boot.
----------------------------------------------------------------------------
4. Enable IP forwarding.
Ans:
# sysctl -A | grep ip_forward
Copy the output and paste it into the following file:
# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
# sysctl -p
----------------------------------------------------------------------------
5. The user saara must configure a cron job that runs daily at 15:25 local time and executes /bin/echo hello.
Ans:
# su - sara
$ crontab -e
25 15 * * * echo hello
----------------------------------------------------------------------------
6. Resize the LVM so that it should be in between 400MB to 450MB. (or) 130MB to 150MB.
Ans:
# lvs
a) # lvextend -L 250 -r /dev/vgname/lvname { assume lv size is 200M then }
b) Assume the lv size is 200M, then
# umount /mountpoint
# e2fsck -f /dev/vgname/lvname
# xfs_repair -f /dev/vgname/lvname
# resize2fs -f /dev/vgname/lvname 150M
# lvreduce -L 150M /dev/vgname/lvname
# mount /dev/vgname/lvname /mountpoint
# df -h
# blkid /dev/vgname/lvname
# vim /etc/fstab
----------------------------------------------------------------------------
7. Bind the LDAP for user authentication. Note the following:
- dc=example,dc=com
- Ldap path ldap://classroom.example.com/
- Download the certificate from http://classroom.example.com/pub/EXAMPLECA-CERT
- ldapuserx should be able to log into your system, where x is your station number, but will not have a home directory until you have completed the autofs requirement.
Check TLS, then click on download certificate: http://classroom.example.com/pub/EXAMPLE-CA-CERT
# getent passwd ldapuser1
# su - ldapuser1
$ exit
# grep ldapuser1 /etc/passwd
# getent passwd ldapuser1
----------------------------------------------------------------------------
8. Configure autofs to automount the home directories of LDAP users. Note the following:
- instructor.example.com (192.168.0.254) NFS-exports /home/guests to your system, where x is your station IP.
- Ldapuserx’s home directory is instructor.example.com:/home/guests/ldapuserx
- Ldapuserx’s home directory should be automounted locally beneath /home as /home/ldapuserx.
- Home directories must be writable by their users.
- While you are able to log in as any of the users ldapuser1 through ldapuser20, the only home directory that is accessible from your system is ldapuserx.
Ans:
# yum install autofs -y
# vim /etc/auto.master
/home/guests /etc/auto.guests
:wq!
# vim /etc/auto.guests
* -rw classroom.example.com:/home/guests/&
:wq!
# service autofs restart
# service autofs reload
# su - ldapuser1
$ touch f1 f2 f3
----------------------------------------------------------------------------
9. Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that:
- The file /var/tmp/fstab is owned by the root user.
- The file /var/tmp/fstab belongs to the group root.
- The file /var/tmp/fstab should not be executable by anyone.
- The user saara is able to read and write /var/tmp/fstab.
- The user Natasha can neither write nor read /var/tmp/fstab.
- All other users (current and future) have the ability to read /var/tmp/fstab.
Ans:
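An added example, not part of the original paper, showing one way to satisfy these requirements with POSIX ACLs. The function names restrict_copy and show_acl are hypothetical, the two user names are passed as arguments, and the acl tools (setfacl, getfacl) are assumed to be installed.

```bash
# Added example (not from the original paper): per-user access with POSIX ACLs.

restrict_copy() {      # usage: restrict_copy SRC DST RW_USER DENIED_USER
    src=$1; dst=$2; rw_user=$3; denied_user=$4
    cp -- "$src" "$dst" || return 1
    # Owner and group root. chown needs root, which the exam shell has;
    # it is skipped when the function is tried out as an ordinary user.
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root -- "$dst" || return 1
    fi
    # Base mode first: rw for owner, r for group and others, x for nobody.
    chmod 0644 -- "$dst" || return 1
    # A named-user entry is evaluated before "other", so the --- entry
    # removes the read access that other::r-- would otherwise give.
    setfacl -m "u:${rw_user}:rw-,u:${denied_user}:---" -- "$dst" || return 1
}

show_acl() {           # ACL entries only, numeric IDs, no header comments
    getfacl -n -c -- "$1" 2>/dev/null
}

# Exam usage (as root, with the login names created in question 1):
#   restrict_copy /etc/fstab /var/tmp/fstab <rw user> <denied user>
#   getfacl /var/tmp/fstab
```

Set the mode before the ACL: a chmod run afterwards rewrites the ACL mask and can reduce the read/write entry's effective rights.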
----------------------------------------------------------------------------
10. Configure your system so that it is an NTP client of instructor.example.com
Ans:
# yum install system-config-date -y
# system-config-date
click: Network Time Protocol
check: Enable Network Time Protocol
add: instructor.example.com
click: advanced options
click: synchronize system clock before starting service
To check:
# chronyc sources -v
----------------------------------------------------------------------------
11. Configure SSH access as follows:
- Natasha has remote SSH access to your machine from within example.com
- Clients within remote.test should NOT have access to ssh on your system.
Ans:
a) # yum install openssh-server -y
# vim /etc/ssh/sshd_config
# Authentication:
AllowUsers natasha    -- Add this line
b) # iptables -F
# iptables -F -t nat
# service iptables save
# iptables -A INPUT -s -p tcp --dport 22 -j REJECT
# service iptables save
----------------------------------------------------------------------------
12. Configure FTP access on your system:
- Clients within the example.com domain should have anonymous FTP access to your machine.
- Clients outside example.com should NOT have access to your FTP service.
Ans:
a) # yum install vsftpd
# service vsftpd restart
# chkconfig vsftpd on
# iptables -A INPUT ! -s -p tcp --dport 21 -j REJECT
# service iptables save
----------------------------------------------------------------------------
13. Implement a web server for the site http://serverX.example.com , then perform the following steps:
----------------------------------------------------------------------------
14. Create a user deal with userid 2015.
Ans: # useradd -u 2015 deal
----------------------------------------------------------------------------
15. Create a Logical Volume with the name “database” by using 25 PEs from the group “datastore” of 50 PEs. (OR) Create a Logical Volume with the name “database” by using 25 extents from the group “datastore” of 50 extents. Consider PE size as 8MB. And mount under /datadb.
Ans:
a) # fdisk -cu /dev/vda {create a partition of 200MB and set a id to 8e}
# type 8e
# reboot
# pvcreate /dev/vda5
# vgcreate datastore /dev/vda5
# lvcreate -l 25 -n database /dev/datastore/
# mkfs -t ext4 /dev/datastore/database
# mkdir /database
# mount /dev/datastore/database /database
# df -h
# vim /etc/fstab
/dev/mapper/datastore-database /database ext4
b) # fdisk -cu /dev/vda
# type 8e
# reboot
# pvcreate /dev/vda5
----------------------------------------------------------------------------
16. Extend the SWAP Space with 512 MB.
Ans:
# fdisk -cu /dev/vda {create a partition of 512M and set the id as 82}
# reboot
# mkswap /dev/vda6
# free -m
# swapon /dev/vda6
# free -m
# blkid /dev/vda6
# vim /etc/fstab
----------------------------------------------------------------------------
17. Search the files created by user “deal” and redirect the locations to /root/deal
Ans:
18. Search the keyword “ext4” in /root/anaconda-ks.cfg file and store the lines in order in /root/ext4
Ans: # grep ext4 /root/anaconda-ks.cfg | sort > /root/ext4
----------------------------------------------------------------------------
19. Restrict the user natasha from assigning cron jobs
Ans:
# vim /etc/cron.deny
natasha
17) Download a data.iso file from instructor.example.com and mount it on /iso and make it persistent across reboot.
a) iso file path ftp://instructor.example.com/pub/gls/misc/data.iso
Ans: # mount -o loop /root/data.iso #