Configure the NFS server to share the /common directory with domain30.example.com. Make sure the client devices have access to it as the root user.
# yum install -y nfs-utils
# systemctl enable nfs-server
# systemctl enable rpcbind
# vim /etc/exports
    /common 172.24.30.0/255.255.255.0(rw,no_root_squash)
# showmount -e 172.16.30.5
# mount -t nfs 172.16.30.5:/common /mnt
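An added example, not part of the original answer: no_root_squash lets root on a matching client act as root on the exported files, so it is worth auditing where it is set. This POSIX shell function lists every export/client pair with that option; the function names and every sample line except the /common entry are constructed for illustration.

```sh
#!/bin/sh
# Added example: report exports that disable root squashing.
# Assumes one export per line (no backslash continuations, no quoted paths).

# Constructed sample input; only the /common line comes from the page.
sample_exports() {
    cat <<'EOF'
# constructed sample of /etc/exports
/common 172.24.30.0/255.255.255.0(rw,no_root_squash)
/pub *(ro,root_squash)
/data 10.0.0.5(rw) (rw,no_root_squash)
EOF
}

# Usage: audit_exports /etc/exports    or    sample_exports | audit_exports
# Prints "<path> <client>" per finding; returns 1 if any finding exists.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {                 # split "client(opt,opt)"
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\).*$/, "", opts)
                }
                # A bare "(opts)" field applies to every host.
                if (client == "") client = "*(world)"
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++)
                    if (o[j] == "no_root_squash") { print path, client; found = 1 }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Show the findings for the constructed sample when run directly.
sample_exports | audit_exports || true
```

The third sample line shows a common slip: a space before the parenthesis applies the options to all hosts rather than to 10.0.0.5.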
Configure an email alias for your MTA such that mail sent to admin is received by the local user harry.
# vim /etc/aliases
    admin: harry
# newaliases
Create a Shell script /root/program:
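# vim /root/program
    #!/bin/bash
    # Print the opposite keyword of the one given as the first argument.
    if [ "$1" == "kernel" ]; then
        echo "user"
    elif [ "$1" == "user" ]; then
        echo "kernel"
    else
        # Any other argument (or none) prints the usage line.
        echo "Usage: /root/program kernel|user"
    fi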
Test:
# chmod a+x /root/program
# /root/program kernel
# /root/program user
# /root/program III
Mount /root/cdrom.iso under /opt/data, and make the mount take effect automatically at boot.
# cd /opt/
# mkdir data
# mount -t iso9660 -o loop /root/cdrom.iso /opt/data
# vim /etc/fstab
    /root/cdrom.iso /opt/data iso9660 defaults,loop 0 0
Download files from http://ip/dir/restricted.htm. Local users have access to it through http://station.domain30.example.com/restricted, but clients within t3gg.com should NOT have access to it.
# cd /var/www/html
# wget http://ip/dir/restricted.htm
# iptables -A INPUT -s 172.25.0.0/16 -p tcp --dport 80 -j REJECT
# service iptables save
# firewall-cmd
Configure the Samba server to share /common, browseable and read-only for the user harry; if necessary, set harry's password to 'harryuser'.
# yum install -y samba
# systemctl enable smb.service
# useradd harry
# smbpasswd -a harry
# vim /etc/samba/smb.conf
    workgroup = STAFF
    [common]
    comment = common
    path = /common
    browseable = yes
    read only = yes
    valid users = harry
    hosts allow = 192.168.0.0/24
# testparm
# semanage fcontext -a -t samba_share_t '/common(/.*)?'
# getsebool -a | grep samba_share_nfs
# setsebool -P samba_share_nfs=1
# chcon -R -t samba_share_t /common
# systemctl start smb.service
# mount -t cifs //172.16.30.5/common /mnt -o username=harry%harryuser
Ensure SELinux is enforcing after boot:
# vim /etc/sysconfig/selinux
    SELINUX=enforcing
# setenforce 1
# getenforce
Enable web server http://station.domain30.example.com.
# yum install -y httpd
# systemctl enable httpd
# cd /etc/httpd/conf/
# vim httpd.conf
    NameVirtualHost 172.24.30.5:80
    <VirtualHost 172.24.30.5:80>
        DocumentRoot /var/www/html/
        ServerName station.domain30.example.com
    </VirtualHost>
# restorecon -Rv /var/www/html/
# systemctl restart httpd
# firewall-config
Configure cron as follows: the user tom should NOT have access to cron.
# useradd tom
# vim /etc/cron.deny
    tom
Save and exit; the change takes effect immediately.
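An added example, not part of the original answer: cron.deny is only consulted when cron.allow does not exist, so an allow list that names tom overrides the deny entry. The function below applies the rules documented in crontab(1) for cronie; the function names and the allow-list contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: decide whether a user may use crontab.
#   cron.allow exists         -> only users listed in it
#   else cron.deny exists     -> everyone not listed in it
#   neither file exists       -> only root
# Root is always allowed. File paths are parameters so the check is testable.
cron_access() {
    user=$1
    allow=${2:-/etc/cron.allow}
    deny=${3:-/etc/cron.deny}
    if [ "$user" = root ]; then
        echo allowed
    elif [ -f "$allow" ]; then
        if grep -Fxq -- "$user" "$allow"; then echo allowed; else echo denied; fi
    elif [ -f "$deny" ]; then
        if grep -Fxq -- "$user" "$deny"; then echo denied; else echo allowed; fi
    else
        echo denied
    fi
}

# Constructed scenario: the page's cron.deny, then a stale cron.allow appears.
demo_cron_access() {
    d=$(mktemp -d)
    printf 'tom\n' > "$d/cron.deny"            # the page's configuration
    echo "deny only: tom=$(cron_access tom "$d/cron.allow" "$d/cron.deny")"
    printf 'harry\ntom\n' > "$d/cron.allow"    # constructed allow list
    echo "allow+deny: tom=$(cron_access tom "$d/cron.allow" "$d/cron.deny")"
    rm -rf "$d"
}

demo_cron_access
```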
Configure SSH access as follows: yarry has remote SSH access to your machine from within example.com. Clients within t3gg.com should NOT have access to ssh on your system.
# yum install -y openssh-server
# chkconfig sshd on
# vim /etc/hosts.deny
    sshd: 172.25.0.0/16
Configure the kernel parameter rhelblq=1 and use /proc/cmdline to verify your kernel parameters.
# vim /etc/grub.conf
Write it at the end of the kernel line; it can be seen after restart.
# vim /etc/default/grub
    GRUB_CMDLINE_LINUX="..."
# grub2-mkconfig -o /boot/grub2/grub.cfg
After reboot, check:
# cat /proc/cmdline
Configure FTP access as follows: anonymous download from the directory /var/ftp/pub is allowed. Clients within t3gg.com should NOT have access to FTP on your system.
# yum install -y vsftpd
# systemctl enable vsftpd
# systemctl start vsftpd
# vim /etc/hosts.deny
    vsftpd: 172.25.0.0/16
Enable ip_forward, and make it take effect permanently.
# sysctl -a | grep net.ipv4
# vim /etc/sysctl.conf
    net.ipv4.ip_forward = 1
# sysctl -w net.ipv4.ip_forward=1
Configure an email server for domain30.example.com. It must send and receive email on the local server, and the user harry must be able to send and receive email from the network. The mailbox of user harry is /var/spool/mail/harry. Please note: the DNS server already has the MX record.
# yum install -y postfix
# systemctl enable postfix
# vim /etc/postfix/main.cf
    inet_interfaces = all
    mydestination = example.com, domain30.example.com, localhost
    mynetworks = 172.16.30.0/24, 127.0.0.0/8
# systemctl start postfix
# netstat -tulnp | grep 25
# hostname
# echo hello | mail -s "test" root@example.com
# cat /var/spool/mail/harry
Deploy your exam system: connect to the iSCSI target on instructor.example.com and identify it correctly, then format it as an ext3 file system. You must be able to mount the file system of the iSCSI target on the /mnt/iscsi directory in your own system, and this file system must mount automatically (permanently) after a system restart.
# iscsiadm --mode discoverydb --type sendtargets --portal instructor.example.com --discover
192.168.0.254:3260,1 iqn.2010-09.com.example:rdisks.server1
# iscsiadm --mode node --targetname iqn.2010-09.com.example:rdisks.server1 --portal instructor.example.com --login
Logging in to [iface: default, target: iqn.2010-09.com.example:rdisks.server1, portal: 192.168.0.254,3260] (multiple)
Login to [iface: default, target: iqn.2010-09.com.example:rdisks.server1, portal: 192.168.0.254,3260] successful.
Note: This device also needs to be formatted, and /etc/fstab modified to mount it.
Deploy your SMTP mail service and complete it by the following requirements:
# vim /etc/postfix/main.cf, and enable the following parameter:
    inet_interfaces = all
# systemctl start postfix
# systemctl enable postfix
Configure a mail alias for your MTA; for example, emails sent to harry are actually received by mary.
Modify /etc/aliases and add:
    harry: mary, harry
After completing the modification:
# newaliases
Notice: This problem is a trap. The ninth question requires that harry must be able to receive remote emails, but the tenth problem requires mary to receive harry's emails. So harry must be added when you are deploying the aliases.
Set a permanent kernel parameter: sysctl=1. It must be shown on cmdline after restarting the system.
Answer: The parameter should be added at the end of the kernel line in /boot/grub/grub.conf, as:
    kernel /vmlinuz-2.6.32-279.1.1.el6.x86_64 ro root=/dev/mapper/vgsrv-root rd_LVM_LV=vgsrv/root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vgsrv/swap rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet rhgb quiet sysctl=1
Configure the web server and implement the virtual host. http://www.domain30.example.com can access the pages under the directory: http://ip/dir/example.html. Also make sure http://station.domain30.example.com can still access the previous content.
Answer:
# mkdir -p /www/virtual
# cd /www/virtual
# wget http://ip/dir/example.html
# cp example.html index.html
# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
# restorecon -vRF /www
# vim /etc/httpd/conf/httpd.conf (add a new VirtualHost)
    <VirtualHost *:80>
        DocumentRoot /www/virtual/
        ServerName www.domain30.example.com
    </VirtualHost>
# chcon -R --reference=/var/www/html/ /www/
# service httpd restart
Use elinks to test.
OR
# mkdir -p /www/virtual
# cd /www/virtual
# wget http://ip/dir/example.html
# mv example.html index.html
# chcon -R --reference=/var/www/html/ /www/
# ls -ldZ /www/virtual
# vim /etc/httpd/conf/httpd.conf
    NameVirtualHost *:80
    <VirtualHost *:80>
        DocumentRoot /var/www/html/
        ServerName station.domain30.example.com
    </VirtualHost>
    <VirtualHost *:80>
        DocumentRoot /www/virtual/
        ServerName www.domain30.example.com
    </VirtualHost>
# service httpd restart
Access the iSCSI shared storage. The storage server IP is 172.24.30.100. Partition off 1500M of space, format it as an ext3 file system, mount it under /mnt/data, and make sure it mounts automatically at boot.
Answer:
# yum install -y iscsi*
# systemctl enable iscsid
# firewall-cmd --add-port=3260/tcp --permanent
# iscsiadm -m discovery -t st -p 172.24.30.100
# iscsiadm -m node -T iqn.2011 -p 172.24.30.100 -l
# dmesg|tail
# fdisk /dev/sdb9
# mkfs.ext3 /dev/sdb9
# cd /mnt
# mkdir data
# blkid /dev/sdb1 (Check UUID number)
# vim /etc/fstab
    UUID=xxxxxxxxxxxxxxxxxxxx /mnt/data ext3 _netdev,defaults 0 0
# mount -a
# mount
There are two different networks, 192.168.0.0/24 and 192.168.1.0/24. The IP addresses 192.168.0.254 and 192.168.1.254 are assigned on the server. Verify your network settings by pinging a host on the 192.168.1.0/24 network.
Answer:
1. vi /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=station?.example.com
    GATEWAY=192.168.0.254
2. service network restart
Or
1. vi /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=static
    IPADDR=X.X.X.X
    NETMASK=X.X.X.X
    GATEWAY=192.168.0.254
2. ifdown eth0
3. ifup eth0