RHCE Exam Question


Upload: manish-pandey

Post on 30-Nov-2015


RHCE EXAM

Package Management

QUE 1:- Configure your server to use a separate YUM repository.

Solution: -

# vim /etc/yum.repos.d/server.repo

[Base]
name=rhcsa
baseurl=ftp://<server IP add>/pub/<path>
gpgcheck=0
enabled=1

# yum clean all

# yum list all

QUE 2:- Build a simple rpm package. Download the redhat-release SRPM from the materials directory on the server machine.

Solution: - Open a web browser, go to the URL http://server.example.com/pub/materials and download the redhat-release package to /root

# yum install rpm-build

# rpm -ivh redhat-release-6-6.0.0.24.el6.src.rpm

# cd /root/rpmbuild

# cd SPECS

# rpmbuild -ba redhat-release.spec (here -ba = build binary & source package)

# cd

Security & Access Management

QUE 3:- How can you use the firewall or TCP wrappers as a security measure?

Note: TCP wrappers are used as the security measure for the RHCSA exam, so the firewall will be disabled.

Solution: -

# iptables -F

# chkconfig iptables off

# service iptables save

# service iptables stop

# service iptables status

Note: - TCP wrappers rules are configured in “/etc/hosts.allow” and “/etc/hosts.deny”.

QUE 4:- SELinux must be in enforcing mode

Solution: -

# vim /etc/sysconfig/selinux

SELINUX=enforcing

# setenforce 1 (to set selinux mode)

# getenforce (to view selinux mode)

Enforcing

# reboot


Kernel management

QUE 5.1:- Configure the kernel parameter to enable IP forwarding.

Solution: -

# vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

# sysctl -p

QUE 6.1:- Add the kernel parameter “kernctl=5” to the kernel command line in “/boot/grub/grub.conf”

Or

QUE 6.2:- Pass a kernel boot line argument “sysvctl” and make it permanent; it should be displayed by “cat /proc/cmdline”.

Solution: - Open the grub.conf file and edit the kernel arguments

# vim /boot/grub/grub.conf

kernctl=5 Or sysvctl

# reboot

Check the modified kernel arguments from the command line

# cat /proc/cmdline

SSH server

QUE 7.1:- Configure the SSH server. Only users from the example.com domain can connect to your machine over SSH; users from the “remote.test” domain cannot.

Or

QUE 7.2:- Configure SSH access as follows:

1. “Harry” has remote SSH access to your machine from within example.com.

2. Clients within “my133t.org” should NOT have access to ssh on your system.

Solution: -

# chkconfig sshd on

# service sshd restart

# vim /etc/hosts.allow

sshd: .example.com

# vim /etc/hosts.deny

sshd: .remote.test Or sshd: .my133t.org

(Note: wildcards should not be used in the hosts.deny & hosts.allow files)

Scheduling Tasks

QUE 8.1:- Deny the cron service for user sarsha and allow the cron service for all other users

Or

QUE 8.2:- “bertarm” should not be able to set a crontab for himself; other users must be able to configure crontab for themselves.

Solution: - Create the user if the user does not exist

# useradd sarsha Or # useradd bertarm

# passwd sarsha Or # passwd bertarm

# vim /etc/cron.deny

sarsha Or bertarm

Note: By default all users can access the cron service


Advance Filesystem Administration

QUE 9.1:- Download iso file from server under “/root” and Mount iso file in “/mnt/virtdisk”

Or

QUE 9.2:- “boot.iso” is available in the /root directory. Mount it permanently under the “/mnt/discimg” directory.

Solution: -

# yum install wget

# cd /root

# wget http://server.example.com/pub/disk.iso

# mkdir /mnt/virtdisk

# vim /etc/fstab

/root/disk.iso /mnt/virtdisk iso9660 defaults,loop 0 0

# mount -a

# df -Th

QUE 10.1:- Connect to the Cold Storage SAN, which will be configured to access its own dedicated iscsi target. The iscsi target IP is 172.24.48.254 and the iscsi target is iqn.2010-09.com.example:rdisks.serverX. Partition, format and mount it to “/coldstorage”

Solution: - Install the iscsi package

# yum install iscsi*

Connect to the target

# iscsiadm -m discovery -t st -p 172.24.48.254

This displays your iscsi target, whose name starts with iqn

# vim /etc/iscsi/initiatorname.iscsi

InitiatorName=iqn.2010-09.com.example:rdisks.serverX

# chkconfig iscsid on

# service iscsid restart

# iscsiadm -m node -T iqn.2010-09.com.example:rdisks.serverX -p 172.24.48.254 -l

# tail /var/log/messages (determine the device name of the iscsi device in the log files)

# fdisk /dev/sda (Create a partition table on the device as required)

# mkfs.ext4 /dev/sda1 (create a file system on partition)

# mkdir /coldstorage (create a mount point for partition)

# blkid /dev/sda1 (determine UUID of partition)

# vim /etc/fstab (create partition mountable on every reboot)

UUID=XXXX-XXXX-XXXX-XXXX /coldstorage ext4 _netdev 0 0

# mount -a

# df -Th

QUE 10.2:- ISCSI server is available in host.domain60.example.com (172.24.60.250) server for you.

a. Create a 1200 MiB partition.

b. Format it by ext4 filesystem.

c. Copy a file from ftp://rhgls.domain60.example.com/pub/iscsi/iscsi.txt


d. DO NOT make any modifications to the content of iscsi.txt

e. This partition must be permanently available by “/etc/fstab”.

Solution: - Install iscsi package

# yum install iscsi* wget

Connect to the target

# iscsiadm -m discovery -t st -p 172.24.60.250

This displays your iscsi target, whose name starts with iqn

# vim /etc/iscsi/initiatorname.iscsi

InitiatorName=iqn.2010-09.com.example:rdisks.serverX

# chkconfig iscsid on

# service iscsid restart

# iscsiadm -m node -T iqn.2010-09.com.example:rdisks.serverX -p 172.24.60.250 -l

# tail /var/log/messages (determine the device name of the iscsi device in the log files)

# fdisk /dev/sda (Create a partition table on the device as required)

# mkfs.ext4 /dev/sda1 (create a file system on partition)

# mkdir /coldstorage (create a mount point for partition)

# blkid /dev/sda1 (determine UUID of partition)

# vim /etc/fstab (create partition mountable on every reboot)

UUID=XX-XX-XX-XX /coldstorage ext4 _netdev 0 0

# mount -a

# df -Th

DNS Server administration

QUE 11:- Configure a caching-only DNS server that forwards requests to the physical host system

Solution: -

# yum install bind

Modify the named configuration file

# vim /etc/named.conf

listen-on port 53 { any; };
allow-query { localhost; 172.24.48.0/24; };
forwarders { 172.24.48.254; };
dnssec-validation no;

# chkconfig named on

# service named restart

Test from the desktopX system (where X is a machine number)

# host serverX.example.com 172.24.48.X (where X is a machine number)

NFS Server Administration

QUE 12.1:- Export your “/common” directory via NFS to the example.com domain only.

# mkdir /common

# vim /etc/exports

/common *.example.com(ro,sync)

# chcon -R --reference=/var/ftp/pub /common


# exportfs -ra

# chkconfig nfs on

# service nfs restart

# showmount -e x.x.x.x (where x.x.x.x is the IP of the nfs server)

QUE 12.2:- Export the “/share” directory, allow example.com and deny all. The exported directory must be automatically mounted under “/net/misc/serverX”.

Solution: -

# mkdir /share

# vim /etc/exports

/share *.example.com(ro,sync)

# exportfs -ra

# chkconfig nfs on

# service nfs restart

# showmount -e x.x.x.x (where x.x.x.x is the IP of the nfs server)

# vim /etc/auto.master

/net/misc/serverX /etc/auto.misc (Where X is your machine number)

# vim /etc/auto.misc

share -ro,sync,intr serverx.example.com:/share

(Where serverx is the nfs server)

# service autofs stop

# service autofs start

# chcon -R --reference=/var/ftp/pub /share (setting Selinux permission)

# cd /net/misc/serverX

# cd share

FTP Server Administration

QUE 13.1:- Configure ftp server. Make access to example.com and deny all.

Or

QUE 13.2:-Configure FTP access on your system:

a. Clients within the example.com domain should have anonymous FTP access.

b. Clients outside example.com should NOT have access to your service.

Solution: -

# yum install vsftpd ftp

# chkconfig vsftpd on

# service vsftpd restart

# vim /etc/hosts.deny

vsftpd: ALL EXCEPT .example.com

QUE 14:- Set up a drop-box: anonymous upload should be enabled on “/var/ftp/upload”. Anonymous should connect with wx permissions, and access should be allowed only for your domain

Solution: - Open the configuration file and uncomment these lines

# vim /etc/vsftpd/vsftpd.conf


anon_upload_enable=YES

anon_mkdir_write_enable=YES

# mkdir /var/ftp/upload

# chgrp ftp /var/ftp/upload

# chmod 730 /var/ftp/upload

# yum install libsemanage*

# yum install libsemanage-python

# yum install policycoreutils*

# chkconfig vsftpd on

# service vsftpd restart

# semanage fcontext -a -t public_content_rw_t '/var/ftp/upload(/.*)?'

# restorecon -vvFR /var/ftp/upload

# getsebool -a | grep ftp

# setsebool -P allow_ftpd_anon_write=1

# setsebool -P allow_ftpd_full_access=1

# setsebool -P ftp_home_dir=1

Samba Server Administration

QUE 15.1:- Configure a CIFS server. Share the /share directory so that it is available only to clients in the example domain, whose workgroup is RHCEGROUP, and the name of the share will be share. The share must be read only, must be browseable, and must be accessible by user jerry only.

Solution: - Install the samba package

# yum install samba

Open the smb.conf file and edit

# vim /etc/samba/smb.conf

workgroup = RHCEGROUP (Edit a line)

hosts allow = 127. 172.24.48. (Remove the leading semicolon and edit the line)

[share]

comment = samba server

path = /share

writable = no

browseable = yes

valid users = jerry

# smbpasswd -a jerry

# chkconfig smb on

# service smb restart

# getsebool -a | grep samba

# setsebool -P samba_create_home_dirs=1

# setsebool -P samba_domain_controller=1

# setsebool -P samba_enable_home_dirs=1

# setsebool -P samba_export_all_ro=1

# setsebool -P samba_export_all_rw=1

# setsebool -P use_samba_home_dirs=1


# getsebool -a | grep smb

# setsebool -P allow_smbd_anon_write=1

# smbclient //server.example.com/share -U jerry

Password:

Smb:\>

QUE 15.2:- Share the “/common” directory via SMB:

a. Your SMB server must be a member of the STAFF workgroup

b. The share’s name must be common

c. The common share must be available to example.com domain clients only.

d. The common share must be browseable.

e. Harry must have read access to the share, authenticating with the same password roxicant, if necessary.

Solution: - Install the samba package

# yum install samba

Open the smb.conf file and edit

# vim /etc/samba/smb.conf

workgroup = STAFF (This is the name of the workgroup)

hosts allow = 127. *.example.com (Remove the leading semicolon and edit the line)

[common] (This is the share name)

comment = Samba Server

path = /common (This is the shared path)

writable = no (Write access can be mentioned here)

browseable = yes

valid users = harry (Valid user should be mentioned here)

# smbpasswd -a harry (set samba login passwd for harry as “roxicant”)

# chkconfig smb on

# service smb restart

# getsebool -a | grep samba

# setsebool -P samba_export_all_ro=1 (Setting read only access to shared path)

# getsebool -a | grep smb

# setsebool -P allow_smbd_anon_write=0 (Setting anonymous access off)

# smbclient //server.example.com/common -U harry (accessing samba share)

Password:

Smb:\>

Web Server Administration

QUE 16.1:- Configure the http server with the default path as document root. Get your html page from server.example.com/pub/serverX.html. Do not change the contents of your html page.

Or

Solution: - 1. Install the packages required for configuring http server

# yum install httpd wget


2. Configure http server with document root default path

# vim /etc/httpd/conf/httpd.conf

<VirtualHost *:80>

ServerAdmin [email protected]

DocumentRoot /var/www/html

ServerName serverX.example.com

</VirtualHost>

(Where X is your machine number)

3. Setting html page from given path

# cd /var/www/html

# wget http://server.example.com/pub/serverX.html

# mv serverX.html index.html

# chcon -R --reference=/var/www/html index.html

# chkconfig httpd on

# service httpd restart

4. Testing http server

# elinks http://serverX.example.com (Where X is a machine number)

QUE 16.2:- Extend your web server to host the virtual site wwwX.example.com. The document root should be “/var/www/virtual”. Get your html page from the server, “server/pub/wwwX.html”, and place it in the document root as index.html. John should be able to write contents to /var/www/virtual

Solution: - Open the configuration file & uncomment the line “NameVirtualHost *:80” to enable virtual hosting

# vim /etc/httpd/conf/httpd.conf

NameVirtualHost *:80 (Uncomment this line to enable virtual hosting)

<VirtualHost *:80>

ServerAdmin [email protected]

DocumentRoot /var/www/virtual

ServerName wwwX.example.com

</VirtualHost>

(Where “wwwX.example.com” is the virtual host name)

# mkdir /var/www/virtual

# cd /var/www/virtual

# wget http://server.example.com/pub/wwwX.html

# mv wwwX.html index.html

# chcon -R --reference=/var/www/html /var/www/virtual

# chkconfig httpd on

# service httpd restart

# elinks http://wwwX.example.com (Where X is a machine number)

Enable access control lists on the filesystem to give John write access to “/var/www/virtual”

# vim /etc/fstab

/dev/mapper/GLSvg-GLSroot / ext4 defaults,acl 1 1

(Note: acl needs to be enabled explicitly in rhel6)

# mount -o remount /

# mount


# setfacl -m u:john:rwx /var/www/virtual

QUE 16.6:- Extend your web server to host the local site localhost.localdomain. The document root should be “/var/www/localhost”. Get your html page from the server, server/pub/local.html, and place it in the document root as index.html.

Solution: - Open the configuration file, then copy and paste the last 7 lines. Change lines 1, 2, 3, 4 and 7 and uncomment the changed lines. (Lines 5 and 6 stay commented.)

# vim /etc/httpd/conf/httpd.conf

<VirtualHost *:80>

ServerAdmin [email protected] (Where X is your machine number)

DocumentRoot /var/www/localhost

ServerName localhost.localdomain

</VirtualHost>

# mkdir /var/www/localhost

# cd /var/www/localhost

# wget http://server.example.com/pub/local.html

# mv local.html index.html

# chcon -R --reference=/var/www/html /var/www/localhost

# chkconfig httpd on

# service httpd restart

# elinks http://localhost.localdomain

QUE 20:- Create a custom self-signed certificate for serverX.example.com that will expire after a year. The certificate should have the following characteristics:

The key should be 1024 bits and should not be encrypted

Country code = local country

State = local state

Locality = local city

Organization = Red Hat Inc.

Common name = serverX.example.com

Solution: - 1. Install the following packages for generating the certificate

# yum install crypto-utils mod_ssl

# genkey --days 365 serverX.example.com

Provide the appropriate input as required while generating the certificate & note down the path of the newly generated certificate file & certificate key

2. Open the “/etc/httpd/conf.d/ssl.conf” file & change the path of “SSLCertificateFile” & “SSLCertificateKeyFile” as follows

# vim /etc/httpd/conf.d/ssl.conf

# SSLCertificateFile /etc/pki/tls/certs/localhost.crt (old path)

SSLCertificateFile /etc/pki/tls/certs/serverX.example.com.crt

# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key (old path)

SSLCertificateKeyFile /etc/pki/tls/private/serverX.example.com.key

3. Restart the httpd service

# service httpd restart

QUE 16.2: Implement a web server for the site http://station.domain60.example.com, and then perform the

following steps:

a. Download ftp://server1.example.com/pub/rhce/station.html

b. Rename the downloaded file to index.html


c. Copy this index.html to the DocumentRoot of your web server.

d. DO NOT make any modifications to the content of index.html.

QUE 16.4:- Extend your web server to include a virtual host for the site http://www.domain60.example.com

then perform the following steps:

a. Set the DocumentRoot to /var/www/virtual

b. Download ftp://server1.example.com/pub/rhce/www.html

c. Rename the downloaded file to index.html

d. Place this index.html in the DocumentRoot of the virtual host.

e. DO NOT make any modifications to the content of index.html

f. Ensure that harry is able to create content in “/var/www/virtual”.

QUE 16.5: - Create a secret directory in the default DocumentRoot of http://host.domain60.example.com

a. Download ftp://server1.example.com/pub/rhce/station.html to secret directory

b. Rename the downloaded file to index.html

c. DO NOT make any modifications to the content of index.html

d. “secret” is accessible by any user from your localhost only

e. Hosts on other networks should be denied access to secret.

Mail Server Administration

QUE 17.1:- Configure Postfix. Set up Intranet E-mail for user john. John’s mail should be spooled to /var/spool/mail/john. Your server should accept mail from remote networks.

Solution: -

# yum install postfix

Open the main.cf config file and edit the lines

# vim /etc/postfix/main.cf

myhostname = serverX.example.com (Uncomment a line and edit)

mydomain = example.com (Uncomment a line and edit)

myorigin = $myhostname (Uncomment a line)

myorigin = $mydomain (Uncomment a line)

inet_interfaces = all (Uncomment a line)

#inet_interfaces = localhost (Comment a line)

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain (Uncomment a line)

mynetworks = 127.0.0.0/8, 172.24.48.0/24 (Uncomment a line and edit)

relay_domains = $mydestination (Uncomment a line)

relayhost = $mydomain (Uncomment a line)

# chkconfig postfix on

# service postfix restart

QUE 17.2:- Configure SMTP mail service according to the following requirements:


a. Your mail server should accept mail from remote hosts and localhost.

b. Harry must be able to receive mail from remote hosts

c. Mail delivered to harry should spool into the default mail spool for harry, i.e. “/var/spool/mail/harry”.

Solution: -

QUE 18:- Configure a POP3 server. Allow only the example.com network and deny all others for the POP3 server.

Solution: -

# yum install dovecot

Open the dovecot.conf file and uncomment a line

# vim /etc/dovecot/dovecot.conf

protocols = imap pop3 lmtp

# chkconfig dovecot on

# service dovecot restart

# vim /etc/hosts.deny

dovecot: ALL EXCEPT .example.com
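
The lookup order behind the hosts.allow and hosts.deny entries used for sshd (QUE 7), vsftpd (QUE 13) and dovecot (QUE 18) can be modelled in a few lines of shell. This is an added example, not part of the original document: it handles only the ALL, leading-dot suffix and EXCEPT forms, and the “strict” rule set with sshd: ALL in hosts.deny is an assumption added for comparison.

```shell
#!/bin/sh
# Added example: a small model of the hosts_access(5) lookup order.
# Rule files are constructed in a temp directory; /etc is not touched.
set -f                                    # patterns are data, never glob them

RULES=$(mktemp -d)
trap 'rm -rf "$RULES"' EXIT
mkdir "$RULES/page" "$RULES/strict"

# Rules as written in the solutions for QUE 7, QUE 13 and QUE 18.
printf '%s\n' 'sshd: .example.com' > "$RULES/page/hosts.allow"
printf '%s\n' 'sshd: .remote.test' \
              'vsftpd: ALL EXCEPT .example.com' \
              'dovecot: ALL EXCEPT .example.com' > "$RULES/page/hosts.deny"

# Assumed stricter variant (not from the page): deny every other sshd client.
printf '%s\n' 'sshd: .example.com' > "$RULES/strict/hosts.allow"
printf '%s\n' 'sshd: ALL' > "$RULES/strict/hosts.deny"

# match_one PATTERN NAME: ALL, a leading-dot domain suffix, or an exact name.
match_one() {
    case "$1" in
        ALL) return 0 ;;
        .*)  case "$2" in *"$1") return 0 ;; esac ;;
        *)   if [ "$1" = "$2" ]; then return 0; fi ;;
    esac
    return 1
}

# match_list LIST NAME: LIST may contain "a b EXCEPT c d".
match_list() {
    ml_hit=1; ml_except=0
    for ml_tok in $(printf '%s' "$1" | tr ',' ' '); do
        if [ "$ml_tok" = EXCEPT ]; then ml_except=1; continue; fi
        if match_one "$ml_tok" "$2"; then
            if [ "$ml_except" -eq 1 ]; then return 1; fi
            ml_hit=0
        fi
    done
    return "$ml_hit"
}

# table_matches FILE DAEMON CLIENT: true if any "daemons : clients" line matches.
table_matches() {
    while IFS=: read -r tm_daemons tm_clients tm_rest; do
        case "$tm_daemons" in ''|'#'*) continue ;; esac
        if match_list "$tm_daemons" "$2" && match_list "$tm_clients" "$3"; then
            return 0
        fi
    done < "$1"
    return 1
}

# decide RULESET DAEMON CLIENT: allow table first, then deny table, else allow.
decide() {
    if table_matches "$RULES/$1/hosts.allow" "$2" "$3"; then echo allow
    elif table_matches "$RULES/$1/hosts.deny" "$2" "$3"; then echo deny
    else echo allow
    fi
}

for client in station1.example.com host.remote.test host.other.net; do
    echo "sshd $client page=$(decide page sshd "$client") strict=$(decide strict sshd "$client")"
done
```

With the sshd rules from QUE 7, host.other.net matches neither file and is allowed; only the strict set denies it. The vsftpd and dovecot rules already deny every client outside example.com because of ALL EXCEPT.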

QUE 19.1:- Configure mail aliases. User jerry should get the mail of principal.

Solution: -

# vim /etc/aliases

principal: jerry

# newaliases

QUE 19.2:- Configure an email alias from your MTA such that mail sent to admin is received by the local user Natasha.

Solution: -

Shell Scripting

QUE 21.1:- Using Bash, write a shell script for the following:

1) Type “redhat”, then display the output “linux”

2) Type “linux”, then display the output “redhat”

3) If neither option is used, then display the output “redhat linux”

Solution: -

# vim scripts

#!/bin/bash
# Print the opposite word for "redhat" or "linux"; anything else prints both.
echo "please type redhat or linux:"
read -r c
case "$c" in
    redhat)
        echo "linux"
        ;;
    linux)
        echo "redhat"
        ;;
    *)
        echo "redhat linux"
        ;;
esac


# sh scripts

QUE 21.2:- Write a shell script as naming bar.sh stored on /root which meet following requirements:

1. When we give input as “foo”, it should print “bar”

2. If we give input as “bar”, it should print “foo”

3. If we give any other input rather than foo or bar, it should print “/root/bar.sh foo|bar” as an error.

Solution: -