Rhce Rhcsa Paper


RHCSA (EX200) & RHCE (EX300) Paper

Read all the instructions carefully.

The RHCSA exam is 2.5 hours long. 300 marks; minimum marks is 210.
The RHCE exam is 2.0 hours long. 300 marks; minimum marks is 210.
Students have to bring an original photo ID proof and a passport-size photograph.
Fill up the form. After filling in the form you will be provided with a username and password for the base machine. The password provided is for a local user, not admin.
Log in to the base machine.
After logging in to the base machine you should see a file on the Desktop in which information regarding the exam is given.
There is also an icon on the Desktop; by clicking it you will be able to access your virtual machine.
You will solve all the questions in the virtual machine.
As there is no browser installed on the virtual machine, you are supposed to open your exam paper on the base machine.
The packages can be installed using FTP from ftp://192.168.0.254/pub/rhel6/dvd

RHCSA PAPER

1). First step is to crack password of Virtual Machine

When the machine starts up, press E (for edit).
Now go to the second line.
Press E (for edit).
Now add a space and write 1 (or s), then press Enter.
Now press b.
Now we change the password for root:

    setenforce 0
    passwd root
    reboot

2). Set up an IP address for the virtual machine: IP address 192.168.0.y, subnet mask 255.255.255.0, default gateway 192.168.0.254, nameserver 192.168.0.254, and hostname serverx.example.com (where "x" is the fourth byte of the base machine IP and y = x + 100).

Right-click on NetworkManager (in graphical mode).
Edit connections.
Add.
IPv4 settings.
Now select Manual.
Now click on Add.
Add the details as mentioned above.
Apply.

    service NetworkManager restart
    chkconfig NetworkManager on
    hostname
    hostname serverX.example.com
    vim /etc/sysconfig/network

Now edit the hostname:

    HOSTNAME=serverx.example.com

    service network restart
    nslookup serverX.example.com
    ping 192.168.0.254
    ethtool eth0

    iptables -F
    service iptables save
    service iptables restart
    chkconfig iptables on

By default Firefox is not installed on the VM, so we can install Firefox on the VM. First create the yum repository:

    vim /etc/yum.repos.d/exam.repo

    [exam]
    baseurl=ftp://192.168.0.254/pub/rhel6/dvd
    gpgcheck=0

3). Create a new partition

Your system has a new physical partition mounted under /common with a 400 MiB ext4 file system.
[Note: Because partition sizes are seldom exactly what was specified when they are created, anything within the range of 350 to 450 MB is acceptable.]

    fdisk -l /dev/vda
    fdisk /dev/vda
        n
        e
        39837
        Enter (whole memory)
        w
    fdisk /dev/vda
        n
        l
        Enter
        +400M
        w
    partx -a /dev/vda
    mkfs.ext4 /dev/vda5
    mkdir /common
    vim /etc/fstab

    /dev/vda5    /common    ext4    defaults    0 0

    mount -a
    df -h

4). Create the following users, groups, and group memberships

A group named sysadmin.
A user natasha who belongs to sysadmin as a secondary group.
A user sarah who also belongs to sysadmin as a secondary group.
A user harry who does not have access to an interactive shell on the system, and who is not a member of sysadmin.
natasha, sarah and harry should all have the password of thuctive.

    groupadd sysadmin
    useradd natasha
    usermod -G sysadmin natasha
    useradd sarah
    usermod -G sysadmin sarah
    useradd -s /sbin/nologin harry
    passwd natasha        (enter: thuctive)
    passwd sarah          (enter: thuctive)
    passwd harry          (enter: thuctive)

5). Create a collaborative directory

Create a collaborative directory /common/admin with the following characteristics:
Group ownership of /common/admin is sysadmin.
The directory should be readable, writable, and accessible to members of sysadmin, but not to any other user. (It is understood that root has access to all files and directories on the system.)
Files created in /common/admin automatically have group ownership set to the sysadmin group.

    mkdir /common/admin
    chgrp sysadmin /common/admin
    ll -d /common/admin
    chmod 770 /common/admin
    chmod 2770 /common/admin        (sets group ownership of new files to the sysadmin group)
    su - natasha
    cd /common/admin/
    touch arp
    ls -l
    exit

6). Install the appropriate kernel

Install the appropriate kernel update from: ftp://instructor.example.com/pub/updates
The following criteria must also be met:
The updated kernel is the default kernel when the system is rebooted.
The original kernel remains available and bootable on the system.

Click on the link.
After that you will find two rpm packages: 1) kernel 2) kernel-firmware.
Download both of them to the desktop.
First install kernel-firmware.
Now install kernel.
Install them just by double-clicking on them.
The kernel entries will be in /boot/grub/grub.conf:

    vim /boot/grub/grub.conf

7). Enable IP forwarding on your machine

    vim /etc/sysctl.conf

At line no. 7:

    net.ipv4.ip_forward = 1

    sysctl -p        (for cross-check)

8). Implement a web server

Implement a web server for the site http://serverx.example.com then perform the following steps:
Download ftp://instructor.example.com/pub/rhce/station.html
Rename the downloaded file to index.html
Copy this index.html to the DocumentRoot of your web server
Do NOT make any modifications to the content of index.html

    yum install httpd* -y
    cd /var/www/html
    wget ftp://instructor.example.com/pub/rhce/station.html
    ls
    mv station.html index.html
    service httpd restart
    chkconfig httpd on

9). Resize the LVM partition

Resize the LVM partition "home" to 150 MiB.

    lvdisplay
    df -h
    umount /dev/vgsrv/home
    e2fsck -f /dev/vgsrv/home
    resize2fs /dev/vgsrv/home 150M
    lvreduce -L 150M /dev/vgsrv/home
    mount -a
    lvdisplay
    df -h

To extend, we use the following commands:

    lvextend -L 250M /dev/vgsrv/home
    resize2fs -f /dev/vgsrv/home
    mount -a

10). Configure FTP access

Configure FTP access on your system:
Clients within the example.com domain should have anonymous FTP access to your machine.

    yum install vsftpd
    service vsftpd restart
    chkconfig vsftpd on

Turn on the SELinux booleans:

    getsebool -a | grep ftp        (1,5)
    setsebool -P <boolean name> on

11). Configure a cron job

The user natasha must configure a cron job that runs daily at 14:23 local time and executes /bin/echo hiya

    crontab -u natasha -e

    23 14 * * * /bin/echo hiya

    service crond restart
    chkconfig crond on
    crontab -u natasha -l

12). SELinux must be running in the Enforcing mode.

    sestatus
    setenforce 1
    vim /etc/selinux/config
    getenforce

13). Copy the file /etc/fstab to /var/tmp

Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that:
The file /var/tmp/fstab is owned by the root user.
The file /var/tmp/fstab belongs to the group root.
The file /var/tmp/fstab should not be executable by anyone.
The user natasha is able to read and write /var/tmp/fstab.
The user sarah can neither write nor read /var/tmp/fstab.
[Note: all other users (current or future) have the ability to read /var/tmp/fstab.]

    cp /etc/fstab /var/tmp
    ll /var/tmp/fstab
    setfacl -m u:natasha:rw- /var/tmp/fstab
    setfacl -m u:sarah:--- /var/tmp/fstab
    getfacl /var/tmp/fstab

14). Configure NTP

Configure your system so that it is an NTP client of instructor.example.com.

    ntpdate -b 192.168.0.254
    service ntpd stop
    vim /etc/ntp.conf

    server 192.168.0.254

    service ntpd start
    chkconfig ntpd on

15). Find the files

Find the files on your system which are owned by the user natasha and copy all of them to the /backup/somefile directory.

    find / -user natasha
    find / -user natasha -exec cp -rvf {} /backup/somefile/ \;
    mkdir -p /backup/somefile; find / -user natasha -exec cp -a -rvf {} /backup/somefile \;
    ls -l /backup/somefile/

16). Create a swap partition

Create a swap partition of 450 megabytes and make it available at next reboot.

    free -m
    fdisk /dev/vda
        n
        l
        +450M
        t
        6
        82
        w
    partx -a /dev/vda
    mkswap /dev/vda6
    swapon /dev/vda6
    free -m
    vim /etc/fstab

    /dev/vda6    swap    swap    defaults    0 0

    mount -a
    free -m

17). Authenticate users from LDAP Directory Servers

Authenticate users from LDAP Directory Servers which have:
ServerName: instructor.example.com.
Base DN: dc=example,dc=com.
Download the certificate from ftp://instructor.example.com/pub/EXAMPLE-CA-CERT
Authenticate with users ldapuserx, which have the password "password".
Configure autofs such that the server's home directory instructor.example.com:/home/guests/ldapuserx is mounted on /home/guests/ldapuserx.

Now the LDAP client configuration:

    yum install openldap* -y
    system-config-authentication

First choose the Identity & Authentication tab.
In User Account Configuration choose LDAP user.
Now write Base DN: dc=example,dc=com and LDAP server name: instructor.example.com
Now click on "Use TLS to encrypt".
Now click on "Download CA certificate".
Now enter the URL ftp://instructor.example.com/pub/EXAMPLE-CA-CERT
Now in authentication method choose LDAP password.

    chkconfig sssd on
    su - ldapuser7

Here it shows an error. To remove the error we make the directory and mount the server directory on it:

    mkdir -p /home/guests/ldapuser7
    mount 192.168.0.254:/home/guests/ldapuser7 /home/guests/ldapuser7
    su - ldapuser7
    logout

We can also do this task another way. Add an entry in the file /etc/auto.master:

    vim /etc/auto.master

    /home/guests    /etc/auto.misc

Add another entry in the file /etc/auto.misc:

    vim /etc/auto.misc

    ldapuser7    -rw,soft,intr    instructor.example.com:/home/guests/ldapuser7

Due to a bug, first stop the service and then start it:

    service autofs stop
    service autofs start
    chkconfig autofs on
    su - ldapuser7

18). Create a user with uid

Create the following user: name neo with uid 1337, and set the password to password.

    useradd -u 1337 neo
    tail -1 /etc/passwd
    passwd neo        (enter: password)

19). Create the LVM partition with P.E.

Create the volume group with name myvol with 8 MiB P.E., create the logical volume named mydatabase with 20 P.E., format this logical volume with vfat, create a directory /database and mount this logical volume permanently on /database.

    fdisk /dev/vda
        n
        l
        +167M
        t
        7
        8e
        w
    partx -a /dev/vda
    pvcreate /dev/vda7
    vgcreate -s 8M myvol /dev/vda7
    vgdisplay myvol
    lvcreate -L 160M -n mydatabase myvol
    lvdisplay
    mkfs.vfat /dev/myvol/mydatabase
    mkdir /database
    vim /etc/fstab

    /dev/myvol/mydatabase    /database    vfat    defaults    0 0

    mount -a
    df -h

20). Find the string

Find the string root in the /etc/passwd file and save the result in /searchfile.

    grep root /etc/passwd > /searchfile
    cat /searchfile

    /usr/local/sbin/install-vserver        (for installation of the virtual machine)

RHCE PAPER

Two networks have been given here:

    example.com     192.168.0.0/255.255.255.0
    cracker.org     172.24.0.0/255.255.0.0

    iptables -F
    service iptables save
    service iptables restart
    chkconfig iptables on

Now create the yum repository.

1). Configure SSH access

Configure SSH access as follows:
sarah has remote SSH access to your machine from within example.com
Clients within cracker.org should NOT have access to ssh on your system

    vim /etc/ssh/sshd_config

    AllowUsers sarah root

Here we use TCP wrapper security. We make the following entries:

    vim /etc/hosts.allow

    sshd: 192.168.0.0/255.255.255.0

    vim /etc/hosts.deny

    sshd: 172.24.0.0/255.255.0.0

    service sshd restart
    chkconfig sshd on

2). Restrict crontab

User neo should not be able to use crontab.
For this, make an entry in the file mentioned below:

    vim /etc/cron.deny

    neo

    service crond restart
    chkconfig crond on

3). Configure FTP access

Configure FTP access on your system:
Clients within the example.com domain should have anonymous FTP access to your machine.
Clients outside example.com should NOT have access to your FTP service.

    yum install vsftpd* -y
    yum install ftp* -y
    vim /etc/hosts.allow

    vsftpd: 192.168.0.0/255.255.255.0

    vim /etc/hosts.deny

    vsftpd: ALL

    service vsftpd restart
    chkconfig vsftpd on
    ftp 192.168.0.110
    ftp 127.0.0.1

Turn the booleans on again, as in the previous FTP question:

    getsebool -a | grep ftp
        allow_ftpd_anon_write (1)
        ftp_home_dir (5)
    setsebool -P allow_ftpd_anon_write 1
    setsebool -P ftp_home_dir 1
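
The sshd and vsftpd answers above both depend on how TCP wrappers reads a net/mask pattern and on its allow-then-deny lookup order. The following is an added example, not part of the original paper, that evaluates the page's patterns against constructed client addresses; the function names are illustrative and the matching rule assumed is the one documented in hosts_access(5).

```shell
#!/bin/sh
# Added example: evaluate TCP-wrappers net/mask rules for one daemon.
# Assumed semantics (hosts_access(5)): a client matches "net/mask" when
# (client AND mask) == net; hosts.allow is checked first, then hosts.deny,
# and a client that matches neither file is granted access.

# ip2int A.B.C.D -> prints the address as a 32-bit integer.
ip2int() {
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# match_rule CLIENT PATTERN -> exit status 0 when CLIENT matches PATTERN.
# PATTERN is "ALL" or "net/mask", the two forms used on this page.
match_rule() {
    [ "$2" = "ALL" ] && return 0
    _net=${2%/*}; _mask=${2#*/}
    [ $(( $(ip2int "$1") & $(ip2int "$_mask") )) -eq "$(ip2int "$_net")" ]
}

# verdict CLIENT ALLOW DENY -> prints "granted" or "denied".
# An empty ALLOW or DENY means that file has no line for the daemon.
verdict() {
    if [ -n "$2" ] && match_rule "$1" "$2"; then
        echo granted
    elif [ -n "$3" ] && match_rule "$1" "$3"; then
        echo denied
    else
        echo granted
    fi
}

# Constructed clients: one in example.com, two in cracker.org.
ALLOW="192.168.0.0/255.255.255.0"
for client in 192.168.0.25 172.24.0.9 172.24.5.9; do
    printf '%-13s deny /24: %-8s deny /16: %-8s deny ALL: %s\n' "$client" \
        "$(verdict "$client" "$ALLOW" "172.24.0.0/255.255.255.0")" \
        "$(verdict "$client" "$ALLOW" "172.24.0.0/255.255.0.0")" \
        "$(verdict "$client" "$ALLOW" "ALL")"
done
```

With a 255.255.255.0 mask on 172.24.0.0, the constructed client 172.24.5.9 matches neither file and is granted access; the 255.255.0.0 mask given for cracker.org denies it.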

4). Share the /common directory via SMB

Share the /common directory via SMB:
Your SMB server must be a member of the STAFF workgroup.
The share's name must be common.
The share must be available to example.com domain clients only.
The share must be browseable.
sarah must have read access to the share, authenticating with the same password flectrag, if necessary.

    mkdir /common
    yum install samba* -y
    vim /etc/samba/smb.conf

    workgroup = STAFF

    [common]
    path = /common
    browseable = yes
    valid users = sarah
    hosts allow = 192.168.0.0/255.255.255.0
    read only = yes

    useradd sarah
    smbpasswd -a sarah
    ls -lZ /etc/samba/smb.conf
    ll -dZ /common
    ll -dZ /etc/samba
    chcon -t samba_etc_t /common
    service smb restart
    chkconfig smb on
    smbclient //192.168.0.110/common -U sarah

5). Implement a web server

Implement a web server for the site http://serverX.example.com then perform the following steps:
Download ftp://instructor.example.com/pub/rhce/station.html
Rename the downloaded file to index.html
Copy this index.html to the DocumentRoot of your web server
Do NOT make any modifications to the content of index.html

    yum install httpd* -y
    cd /var/www/html
    wget ftp://instructor.example.com/pub/rhce/station.html
    mv station.html index.html
    vim /etc/httpd/conf/httpd.conf

    NameVirtualHost 192.168.0.110:80
    <VirtualHost 192.168.0.110:80>
        DocumentRoot /var/www/html
        ServerName server10.example.com
    </VirtualHost>

    service httpd restart
    chkconfig httpd on

Clients: http://server10.example.com

6). Extend your web server

Extend your web server to include a virtual host for the site http://wwwx.example.com/, where x is your station number, then perform the following steps:
Set the DocumentRoot to /var/www/virtual
Download ftp://instructor.example.com/pub/rhce/www.html
Rename the downloaded file to index.html
Place this index.html in the DocumentRoot of the virtual host
Do NOT make any modifications to the content of index.html
Ensure that sarah is able to create content in /var/www/virtual
[Note: The original web site http://serverX.example.com must still be accessible. DNS resolution for the hostname wwwx.example.com is already provided by the name server on instructor.example.com.]

    mkdir /var/www/virtual
    cd /var/www/virtual
    wget ftp://instructor.example.com/pub/rhce/www.html
    mv www.html index.html
    vim /etc/httpd/conf/httpd.conf

    NameVirtualHost 192.168.0.110:80
    <VirtualHost 192.168.0.110:80>
        DocumentRoot /var/www/html
        ServerName server10.example.com
    </VirtualHost>
    <VirtualHost 192.168.0.110:80>
        DocumentRoot /var/www/virtual
        ServerName www10.example.com
    </VirtualHost>

    service httpd restart
    chkconfig httpd on

Clients: http://server10.example.com
Clients: http://www10.example.com

    setfacl -m u:sarah:rwx /var/www/virtual

7). Configure Web Server access

Implement a web server for the site http://serverX.example.com then perform the following steps:
Create a directory in your DocumentRoot named "restrict"
Download ftp://instructor.example.com/pub/rhce/station.html
Rename the downloaded file to index.html
Copy this index.html to the "restrict" directory in the DocumentRoot of your web server
Do NOT make any modifications to the content of index.html
The "restrict" directory should not be accessible to anyone except the example.com network

    yum install httpd* -y
    mkdir /var/www/html/restrict
    cd /var/www/html/restrict
    wget ftp://instructor.example.com/pub/rhce/station.html
    mv station.html index.html
    vim /etc/httpd/conf/httpd.conf

    <Directory /var/www/html/restrict>
        Order allow,deny
        Allow from 192.168.0.0/255.255.255.0
    </Directory>

    service httpd restart
    chkconfig httpd on

8). Export your /common directory via NFS

Export your /common directory via NFS to the example.com domain only.

[Note: because you will not have root access, you will not be able to directly mount your exported /common directory using your guest account on the system provided for testing. However, the auto-mounter on the system has been configured such that it will automount your /common directory under /home/guestx/nfs/stationx, where x is your station number. Consequently, successful execution of ls /home/guestx/nfs/stationx indicates that the automounter was able to automount your NFS share.]

    rpm -q nfs-utils
    yum install nfs-utils
    vim /etc/exports

    /common    192.168.0.0/255.255.255.0(ro,sync)

    service nfs restart
    chkconfig nfs on
    service rpcbind restart
    chkconfig rpcbind on
    showmount -e

9). Configure an email alias

Configure an email alias for your MTA such that mail sent to admin is received by the local user sarah.

    vim /etc/aliases

    admin: sarah        (add this entry at the end of the file)

Now save the file and run the following command:

    newaliases

10). Configure SMTP mail service

Configure SMTP mail service according to the following requirements:
Your mail server should accept mail from remote hosts and localhost.
sarah must be able to receive mail from remote hosts.
Mail delivered to sarah should spool into the default mail spool for sarah, /var/spool/mail/sarah.

    yum install postfix* -y
    vim /etc/postfix/main.cf

At line no. 113:

    inet_interfaces = all
    #inet_interfaces = localhost

    service postfix restart
    chkconfig postfix on
    yum install telnet* -y
    telnet 127.0.0.1 25
    quit
    telnet 192.168.0.110 25
    quit

11). Mount ISO image

Download ftp://instructor.example.com/pub/iso/boot.iso and mount this ISO permanently as read-only on /mnt/iso

    mkdir /mnt/iso
    vim /etc/fstab

    /root/Desktop/boot.iso    /mnt/iso    iso9660    defaults,loop,ro    0 0

    mount -a
    df -h

12). Configure an iSCSI

Discover an iSCSI device on your system and create a partition on that device of size 10 MiB mounted under the directory /iscsi. Create a file named abc.txt in the /iscsi directory. Configure the permissions of that file such that user sarah can read, write and execute this file.

    yum install iscsi-initiator-utils -y
    iscsiadm -m discovery -t st -p 192.168.0.254:3260

Trying to log in to the iSCSI target. Now copy iqn.2012-10.com.example:disk1

    iscsiadm -m node -T iqn.2012-10.com.example:disk1 -p 192.168.0.254:3260 -l
    fdisk -l
    fdisk /dev/sda        (make a 10 MB partition)
    partprobe /dev/sda
    mkfs.ext4 /dev/sda1

Check the UUID of the disk:

    blkid /dev/sda1

Now copy UUID="71e86162-011d-49f1-9b4a-9f95a277e6b5" and add the next entry to the /etc/fstab file:

    vim /etc/fstab

    UUID=71e86162-011d-49f1-9b4a-9f95a277e6b5 /iscsi ext4 defaults,_netdev,acl 0 0

    mkdir /iscsi
    mount -a
    df -h
    cd /iscsi/
    touch abc.txt
    setfacl -m u:sarah:rwx /iscsi/abc.txt

13). Configure script

Create a script in /progrram with the name script.sh to do the following:
When kernel is passed as an argument then the output is user.
When user is passed as an argument then the output is kernel.
When neither kernel nor user is passed then the output is "--stdin error".

    mkdir /progrram
    cd /progrram
    touch script.sh
    chmod +x script.sh
    vim script.sh

    #!/bin/bash
    # Print "user" for the argument kernel, "kernel" for the argument user,
    # and the error text for anything else (including no argument).
    # "$1" is quoted so the test does not fail when no argument is given.
    if [ "$1" == kernel ]
    then
        echo user
    elif [ "$1" == user ]
    then
        echo kernel
    else
        echo "--stdin error"
    fi

Now save the file and run a test:

    sh script.sh

14). Pass the parameter to kernel

Pass the parameter "kernelbp=1" to the kernel.

Enter this value at the end of the kernel line in /etc/grub.conf:

    vim /etc/grub.conf

Now save and restart the machine, and then check with:

    cat /proc/cmdline