RedHat EX300

Task 1

Configure an NFS server to share the /common directory with domain30.example.com. Make sure client devices can access it as the root user.

# yum install -y nfs-utils
# systemctl enable nfs-server
# systemctl enable rpcbind

# vim /etc/exports
/common 172.24.30.0/255.255.255.0(rw,no_root_squash) 

# showmount -e 172.16.30.5
# mount -t nfs 172.16.30.5:/common /mnt
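
Added example, not part of the original answer: no_root_squash in the export above lets root on any client in the allowed range act as root on the share, so it is worth knowing which exports carry it. This bash function reads exports(5)-format text and lists each path/client pair with that option; the function name and sample entries are constructed, and continuation lines and "-opts" defaults are not handled.

```bash
#!/bin/bash
# List "path client" pairs whose export options include no_root_squash.
# Input: exports(5)-format text on stdin.
find_no_root_squash() {
    local line path spec client opts
    while IFS= read -r line; do
        line="${line%%#*}"                       # drop comments
        [ -z "${line//[[:space:]]/}" ] && continue
        set -f                                   # keep a "*" client literal
        set -- $line                             # split on whitespace
        set +f
        path="$1"; shift
        for spec in "$@"; do
            client="${spec%%\(*}"                # text before "(" (may be empty)
            opts=""
            if [[ $spec == *"("*")" ]]; then
                opts="${spec#*\(}"; opts="${opts%\)}"
            fi
            case ",$opts," in
                *,no_root_squash,*) echo "$path ${client:-<world>}" ;;
            esac
        done
    done
}

# Constructed sample; the first entry is the export from Task 1.
# The /data entry has a space before "(", so its options apply to every host.
SAMPLE_EXPORTS='# constructed sample
/common 172.24.30.0/255.255.255.0(rw,no_root_squash)
/pub    *(ro,sync)
/home   10.0.0.5(rw,sync) 10.0.0.6(rw,no_root_squash,sync)
/data   10.0.0.7 (rw,no_root_squash)
'

printf '%s' "$SAMPLE_EXPORTS" | find_no_root_squash
```

On a real server, run it as find_no_root_squash < /etc/exports.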

Task 2

Configure an email alias for your MTA such that mail sent to admin is received by the local user harry.

# vim /etc/aliases 
admin: harry 
# newaliases

Task 3

Create a Shell script /root/program:

vim /root/program 

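#!/bin/bash
# Print the opposite keyword of the one given as the first argument.
if [ "$1" == "kernel" ] ; then
     echo "user"
elif [ "$1" == "user" ] ; then
     echo "kernel"
else
     # Any other argument (or none): show the usage message
     echo "Usage: /root/program kernel|user"
fi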

Test:

chmod a+x /root/program 
/root/program kernel 
/root/program user 
/root/program III

Task 4

Mount /root/cdrom.iso under /opt/data, and make the mount take effect automatically at boot.

# cd /opt/ 
# mkdir data
# mount -t iso9660 -o loop /root/cdrom.iso /opt/data 
# vim /etc/fstab 
/root/cdrom.iso /opt/data iso9660 defaults,loop 0 0

Task 5

Download the file from http://ip/dir/restricted.htm. Local users have access to it through http://station.domain30.example.com/restricted, but clients within t3gg.com should NOT have access to it.

cd /var/www/html
wget http://ip/dir/restricted.htm

# iptables -A INPUT -s 172.25.0.0/16 -p tcp --dport 80 -j REJECT
# service iptables save

# firewall-cmd

Task 6

Configure a Samba server to share /common and make it browseable. The user harry has read-only access to the share; if necessary, set harry's password to 'harryuser'.

# yum install -y samba 
# systemctl enable smb.service
# useradd harry 
# smbpasswd -a harry 

# vim /etc/samba/smb.conf 
workgroup = STAFF

[common]
comment = common 
path = /common 
browseable = yes 
read only = yes 
valid users = harry
hosts allow = 192.168.0.0/24

# testparm
# semanage fcontext -a -t samba_share_t '/common(/.*)?'
# getsebool -a | grep samba_share_nfs 
# setsebool -P samba_share_nfs=1 
# chcon -R -t samba_share_t /common
# systemctl start smb.service

# mount -t cifs //172.16.30.5/common /mnt -o username=harry%harryuser
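
Added example, not from the original answer: smbd ignores parameter names it does not recognise, so a misspelt valid users or hosts allow line leaves that restriction unapplied. This bash/awk function lists the shares in smb.conf-format text that have one or both settings missing; the function name and sample configuration are constructed, and [global] is assumed to come before the shares.

```bash
#!/bin/bash
# List shares that lack an effective "valid users" or "hosts allow" setting.
# Input: smb.conf-format text on stdin.
shares_missing_acl() {
    awk '
    function report() {
        if (share == "" || share == "global") return
        miss = ""
        if (!(users || gusers)) miss = miss " valid_users"
        if (!(hosts || ghosts)) miss = miss " hosts_allow"
        if (miss != "") print share ":" miss
    }
    /^[ \t]*[#;]/ { next }                        # comment lines
    /^[ \t]*\[.*\]/ {                             # section header
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        share = tolower(share); users = 0; hosts = 0
        next
    }
    /=/ {
        # Samba compares parameter names ignoring case and blanks
        key = tolower($0); sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        if (key == "validusers") { if (share == "global") gusers = 1; else users = 1 }
        if (key == "hostsallow" || key == "allowhosts") {
            if (share == "global") ghosts = 1; else hosts = 1
        }
    }
    END { report() }
    '
}

# Constructed sample: [common] misspells both keys, [docs] spells them correctly.
SAMPLE_SMB_CONF='[global]
workgroup = STAFF

[common]
path = /common
read only = yes
valid user = harry
host allow = 192.168.0.0/24

[docs]
path = /srv/docs
Valid Users = harry
hosts allow = 192.168.0.0/24
'

printf '%s' "$SAMPLE_SMB_CONF" | shares_missing_acl
```

testparm reports the same misspellings as unknown parameters, so read its warnings rather than only its exit status.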

Task 7

Ensure SELinux is on after boot:

# vim /etc/sysconfig/selinux 
SELINUX=enforcing 

# setenforce 1 
# getenforce

Task 8

Enable web server http://station.domain30.example.com.

# yum install -y httpd 
# systemctl enable httpd 
# cd /etc/httpd/conf/ 
# vim httpd.conf

NameVirtualHost 172.24.30.5:80
<VirtualHost 172.24.30.5:80>
DocumentRoot /var/www/html/
ServerName station.domain30.example.com
</VirtualHost>

# restorecon -Rv /var/www/html/
# systemctl restart httpd
# firewall-config

Task 9

Configure cron as follows: the user tom should NOT have access to cron.

useradd tom
vim /etc/cron.deny
tom

Save and exit; the change takes effect immediately.

Task 10

Configure SSH access as follows: harry has remote SSH access to your machine from within example.com. Clients within t3gg.com should NOT have access to ssh on your system.

# yum install -y openssh-server
# chkconfig sshd on 
# vim /etc/hosts.deny 
sshd: 172.25.0.0/16


Task 11

Configure the kernel parameter rhelblq=1 and use /proc/cmdline to verify your kernel parameters.

# vim /etc/grub.conf
Append the parameter to the end of the kernel line.
It is visible after a restart.

# vim /etc/default/grub
GRUB_CMDLINE_LINUX="..."

# grub2-mkconfig -o /boot/grub2/grub.cfg

After reboot check
# cat /proc/cmdline

Task 12

Configure FTP access as follows: anonymous download from the directory /var/ftp/pub is allowed. Clients within t3gg.com should NOT have access to FTP on your system.

# yum install -y vsftpd 
# systemctl enable  vsftpd 
# systemctl start   vsftpd
# vim /etc/hosts.deny 
vsftpd: 172.25.0.0/16
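
Added example, not from the original page, covering the hosts.deny rules in Task 10 and Task 12: a small bash evaluator for the hosts_access(5) decision order, to check which client addresses a rule set turns away and whether a hosts.allow entry overrides it. The function names are constructed, and only ALL, literal IPv4 addresses, net/mask and net/prefix client patterns are modelled.

```bash
#!/bin/bash
ip2int() {                        # dotted quad -> integer
    local a b c d
    IFS=. read -r a b c d <<< "$1"
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

pattern_matches() {               # $1 = client IP, $2 = client pattern
    local ip="$1" pat="$2" net mask len
    [ "$pat" = "ALL" ] && return 0
    case "$pat" in
        */*.*) net="${pat%/*}"; mask=$(ip2int "${pat##*/}") ;;
        */*)   net="${pat%/*}"; len="${pat##*/}"
               mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF )) ;;
        *)     if [ "$pat" = "$ip" ]; then return 0; else return 1; fi ;;
    esac
    [ $(( $(ip2int "$ip") & mask )) -eq "$(ip2int "$net")" ]
}

rules_match() {                   # $1 = daemon, $2 = client IP, $3 = rules text
    local line daemons clients d c
    while IFS= read -r line; do
        line="${line%%#*}"                        # drop comments
        case "$line" in *:*) ;; *) continue ;; esac
        daemons="${line%%:*}"
        clients="${line#*:}"; clients="${clients%%:*}"   # ignore option field
        for d in ${daemons//,/ }; do
            [ "$d" = "$1" ] || [ "$d" = "ALL" ] || continue
            for c in ${clients//,/ }; do
                pattern_matches "$2" "$c" && return 0
            done
        done
    done <<< "$3"
    return 1
}

# Order: a hosts.allow match grants access; otherwise a hosts.deny match
# denies it; with no match in either file access is granted.
tcpwrap_decision() {              # $1 daemon, $2 IP, $3 hosts.allow, $4 hosts.deny
    if rules_match "$1" "$2" "$3"; then echo allow
    elif rules_match "$1" "$2" "$4"; then echo deny
    else echo allow
    fi
}

# The deny rules used on this page; the client addresses below are constructed.
DENY_RULES='sshd: 172.25.0.0/16
vsftpd: 172.25.0.0/16'
tcpwrap_decision sshd 172.25.3.10 "" "$DENY_RULES"
```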




Task 13

Enable ip_forward and make it take effect permanently.

# sysctl -a | grep net.ipv4
# vim /etc/sysctl.conf 
net.ipv4.ip_forward = 1

# sysctl -p

Task 14

Configure an email server for domain30.example.com. It must send and receive email for the local server, and user harry must be able to send and receive email over the network. The mailbox of user harry is /var/spool/mail/harry. Please note: the DNS server already has the MX record.

# yum install -y postfix 
# systemctl enable  postfix  
# vim /etc/postfix/main.cf 
inet_interfaces = all
mydestination = example.com, domain30.example.com, localhost
mynetworks = 172.16.30.0/24,127.0.0.0/8

# systemctl start postfix

# netstat -tulnp | grep 25
# hostname
# echo hello | mail -s "test" root@example.com
# cat /var/spool/mail/harry

Task 15

Deploy your exam system: connect to the iSCSI target on instructor.example.com, identify it correctly, and format it as an ext3 file system. You must be able to mount the file system of the iSCSI target on the /mnt/iscsi directory of your own system, and the file system must be mounted automatically (permanently) after a system restart.

# iscsiadm --mode discoverydb --type sendtargets --portal instructor.example.com --discover
192.168.0.254:3260,1 iqn.2010-09.com.example:rdisks.server1

# iscsiadm --mode node --targetname iqn.2010-09.com.example:rdisks.server1 --portal instructor.example.com --login
Logging in to [iface: default, target: iqn.2010-09.com.example:rdisks.server1, portal: 192.168.0.254,3260] (multiple)
Login to [iface: default, target: iqn.2010-09.com.example:rdisks.server1, portal: 192.168.0.254,3260] successful.

Note: The device also needs to be formatted and added to /etc/fstab so that it is mounted.

Task 16

Deploy your SMTP mail service and complete it by the following requirements:

# vim /etc/postfix/main.cf
Uncomment the following parameter:

inet_interfaces = all

# systemctl start postfix
# systemctl enable postfix 

Task 17

Configure a mail alias for your MTA so that, for example, email sent to harry is actually received by mary.

Modify /etc/aliases

Add:
harry: mary, harry
After completing the modification:
# newaliases

Notice: This problem is a trap. The ninth question requires that harry must be able to receive remote emails, but the tenth question requires mary to receive harry's emails. So harry must be added as well when you are deploying the aliases.

Task 18

Add a permanent kernel parameter: sysctl=1. It should be shown on cmdline after restarting the system.

Answer:
Append the parameter to the end of the kernel line in /boot/grub/grub.conf, as:

kernel /vmlinuz-2.6.32-279.1.1.el6.x86_64 ro
root=/dev/mapper/vgsrv-root
rd_LVM_LV=vgsrv/root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vgsrv/swap rd_NO_MD
SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM
rhgb quiet
rhgb quiet sysctl=1

Question 20

Configure the web server and implement a virtual host. http://www.domain30.example.com must serve the page downloaded from http://ip/dir/example.html. Also make sure http://station.domain30.example.com can still access its previous content.

Answer: 
# mkdir -p /www/virtual 
# cd /www/virtual
# wget http://ip/dir/example.html
# cp example.html index.html
# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
# restorecon -vRF /www

# vim /etc/httpd/conf/httpd.conf    (Add new VirtualHost)

<VirtualHost *:80>
  DocumentRoot /www/virtual/
  ServerName www.domain30.example.com
</VirtualHost>

# chcon -R --reference=/var/www/html/ /www/ 
# service httpd restart

Use elinks to test.

OR

  # mkdir -p /www/virtual
  # cd /www/virtual
  # wget http://ip/dir/example.html
  # mv example.html index.html
  # chcon -R --reference=/var/www/html/ /www/
  # ls -ldZ /www/virtual
  # vim /etc/httpd/conf/httpd.conf
     NameVirtualHost *:80
     <VirtualHost *:80>
     DocumentRoot /var/www/html/
     ServerName station.domain30.example.com
     </VirtualHost>
     <VirtualHost *:80>
     DocumentRoot /www/virtual/
     ServerName www.domain30.example.com
     </VirtualHost>
  # service httpd restart

Question 21

You access the iSCSI shared storage. The storage server IP is 172.24.30.100. Create a 1500M partition on it, format it as an ext3 file system, mount it under /mnt/data, and make sure it is mounted automatically at boot.

Answer:
# yum install -y iscsi* 
# systemctl enable iscsid 
# firewall-cmd --add-port=3260/tcp --permanent
# iscsiadm -m discovery -t st -p 172.24.30.100
# iscsiadm -m node -T iqn.2011 -p 172.24.30.100 -l

# dmesg|tail 
# fdisk /dev/sdb
# mkfs.ext3 /dev/sdb1
# cd /mnt
# mkdir data
# blkid /dev/sdb1   (Check UUID number)

# vim /etc/fstab
UUID=xxxxxxxxxxxxxxxxxxxx /mnt/data ext3 _netdev,defaults  0 0
# mount -a
# mount

Question 22

There are two different networks, 192.168.0.0/24 and 192.168.1.0/24. The IP addresses 192.168.0.254 and 192.168.1.254 are assigned on the server. Verify your network settings by pinging a host on the 192.168.1.0/24 network.

Answer:
1. vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=station?.example.com
GATEWAY=192.168.0.254
2. service network restart
Or
1. vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=X.X.X.X
NETMASK=X.X.X.X
GATEWAY=192.168.0.254
2. ifdown eth0
3. ifup eth0