RHCE¿¼ÊÔÌâ¿â (1)


    2.vim /etc/sysconfig/network

    HOSTNAME=

    3. Selinux Enforcing vim /etc/selinux/config

    SELINUX=enforcing

    sestatus

    4. iptables iptables -F

    /etc/init.d/iptables save

    iptables -L()

    chkconfig iptables on

    5.(TCP/IP,GATEWAY,DNS)setup

    /etc/init.d/network restart

    6.Yum , dialog
    cp /etc/yum.repos.d/rhel-debuginfo.repo /etc/yum.repos.d/a.repo
    vim /etc/yum.repos.d/a.repo

    yum clean allYUM

    yum list YUM

    yum install dialog -y

    7., 500MB,/data ,, QUOTA( ) ACL( ) : , 1G=1024MB, 1G=1000MB ,, 500MB
    fdisk -l

    fdisk /dev/sda

    partprobe

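    mke2fs -j /dev/sda
    (the partition number appears to be missing here and in the fstab line below; format the new 500MB partition created with fdisk, not the whole disk)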

    mkdir /data

    echo "/dev/sda /data ext3 usrquota,grpquota,acl 0 0" >> /etc/fstab

    mount -a

    df -h


    cd /share

    mkdir test

    a. grp1chgrp grp1 test

    b.grp1 ,,c. test (SGID)chmod 2775 test B C

    17. ftp://server1.example.com/pub/update ,,,wget ftp://server1.example.com/pub/update/*.rpm

    rpm -ivh *.rpm

    vim /etc/grub.conf

    default=0

    18. IP Forward ()vim /etc/sysctl.conf

    net.ipv4.ip_forward = 1

    sysctl -p

    19., server1.example.com, stationx(x station)/etc/init.d/cups start

    chkconfig cups on --ipp --

    -- --

    20., usr-2 14:30 /bin/echo good_luckcrontab -eu usr-2

    30 14 * * * /bin/echo good_luck

    /etc/init.d/crond restart

    chkconfig crond on

    crontab -lu usr-2

    21. NIS , NIS server1.example.com NIS ,NIS rhcss NIS stationx(x station )authconfig-tui

    NIS :rhcss :server1.example.com

    :yptest

    22. autofs , NIS ,server1.example.com NFS :/rhome/stationx(x station ) :/rhome( station1,/rhome/station1)


    vim /etc/auto.master

    /rhome /etc/auto.nis

    cp /etc/auto.misc /etc/auto.nis

    vim /etc/auto.nis

    stationX -rw,soft,intr server1.example.com:/rhome/stationX
    /etc/init.d/autofs restart

    chkconfig autofs on

    su shell

    23./etc/fstab /var/tmp ,cp /etc/fstab /var/tmp

    a./var/tmp/fstab rootb. rootcd /var/tmp

    chown root:root fstab

    c. fstab chmod a-x fstab

    d. usr-1 ,setfacl -m u:usr-1:rw fstab

    e. usr-2 setfacl -m u:usr-2:-- fstab

    f.chmod a+r fstab

    ll getfacl fstab

    24. example.com ssh 25. hack.org ssh vim /etc/hosts.deny

    sshd:172.25.0.0/255.255.0.0

    26. pop3 yum install dovecot -y

    vim /etc/dovecot.conf

    20 protocols = imap imaps pop3 pop3s

    /etc/init.d/dovecot restart

    chkconfig dovecot on

    27. SMTP,yum install sendmail-* -y

    yum install m4 -y

    cd /etc/mail

    vim sendmail.mc

    116 127.0.0.1 0.0.0.0
    m4 sendmail.mc > sendmail.cf


    vim local-host-names

    stationX.example.com

    /etc/init.d/sendmail restart

    mutt -f imap://[email protected]

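    28. example.com pop3 29. hack.org pop3
    iptables -A INPUT -p tcp -s 172.25.0.0/16 --dport 110 -j REJECT

    iptables -A INPUT -p udp -s 172.25.0.0/16 --dport 110 -j REJECT

    iptables -A INPUT -p tcp -s 172.25.0.0/16 --dport 993 -j REJECT
    (993 is IMAPS; POP3S listens on 995, which these rules do not cover although pop3s is enabled in dovecot.conf above)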

    /etc/init.d/iptables save

    30., usr-2 usr-1 vim /etc/aliases

    # General redirections for pseudo accounts.

    usr-1: usr-2

    newaliases

    31. IMAPS ,vim /etc/dovecot.conf

    91 92

    a.IMAPS example.com ,IMAPS :
    cd /etc/pki/tls/certs
    make dovecot.pem

    dovecot.pem

    b. country.state.locality.organizationc.Organizational unit rhcec.Common Name stationx.example.com(x station ). [email protected](x station ) dovecot.pem /etc/dovecot 91 92

    cp dovecot.pem /etc/pki/dovecot/private/

    cp dovecot.pem /etc/pki/dovecot/certs/

    /etc/init.d/dovecot restart

    mutt -f imaps://[email protected]

    32. ftp
    yum install vsftpd -y

    /etc/init.d/vsftpd restart

    chkconfig vsftpd on

    33. hack.org ftp
    vim /etc/hosts.deny
    vsftpd:172.25.0.0/255.255.0.0


    34. Samba ,
    yum install samba -y

    cd /etc/samba/

    cp smb.conf smb.conf.old samba vim smb.conf

    a. SMB rhce74 workgroup = rhce

    b. rhce-share

    [rhce-share]

    path = /share

    valid users = usr-1

    c./share d.rhce-share e. example.com Samba 80 hosts allow = 127. 172.24.0.( )

    f. usr-1 redhat smbpasswd -a usr-1

    chcon -t samba_share_t /share selinux SMB

    /etc/init.d/smb restart

    smbclient //172.24.0.13/rhce-share -U usr-1

    35. NFS ,/share, example.com
    vim /etc/exports
    /share 172.24.0.0/24(ro,sync)

    /etc/init.d/nfs restart

    NFS /etc/init.d/portmap start

    chkconfig nfs on

    showmount -e

    36. apache ,yum install httpd-* -y

    a. stationx.example.com apache (x station )cd /var/www/html/

    wget http://server1.example.com/pub/test.html

    b. http://server1.example.com/pub/test.htmlvim /etc/httpd/conf/httpd.conf

    985

    ServerAdmin [email protected]

    DocumentRoot /var/www/html

    ServerName station13.example.com

    DirectoryIndex test.html

    /etc/init.d/httpd restart


    37. apache ,a.DocumentRoot /var/www/virt
    b. http://server1.example.com/pub/virt.html
    cd /var/www/virt/
    wget http://server1.example.com/pub/virt.html

    vim /etc/httpd/conf/httpd.conf

    985

    ServerAdmin [email protected]

    DocumentRoot /var/www/virt

    ServerName www13.example.com

    DirectoryIndex virt.html

    /etc/init.d/httpd restart

    c. http://wwwx.example.com(x station )d. usr-2 /var/www/virt cd /var/www/

    setfacl -m u:usr-2:rwx virt/

    su usr-2 virt

    38. Squid ,yum install squid -y

    a. Squid 8080vim /etc/squid/squid.conf

    921 8080

    b. example.com Squid 574 acl example src 172.24.0.0/255.255.255.0

    637 http_access allow example DENY

    /etc/init.d/squid restart

    chkconfig squid on

    39. NTP server1.example.com

    RHCT 3.5 3.5 my133t.org 172.25.0.0/255.255.0.0 my133t.org example.com 172.24.0.0/255.255.0.0

    YUM YUM :


    http//server1.example.com/pub/server rW9ySX

    IP 172.24.0.XX :255.255.0.0;172.24.254.254DNS:172.24.254.254

    vim /etc/hosts172.24.X.X stationX.example.com stationX1 300M/common,

    #fdisk /dev/sda
    p n +300M w
    #partprobe
    #mkfs.ext3 /dev/sda5
    #mkdir /common
    #mount /dev/sda5 /common
    #df -TH
    #vim /etc/fstab
    /dev/sda5 /common ext3 defaults 0 0

    /dev/sda5

    21. e2label /dev/sda5 common

    2. echo -e "LABEL=common \t /common \t ext3 \t defaults \t 1

    1" >>/etc/fstab

    3echo "mount /dev/sda5 /common" >>/etc/rc.local

    2 sysusers

    andrew sysusers susan sysusers brad shell sysusers

    Andrew susan brad password
    groupadd sysusers
    useradd -G sysusers andrew
    useradd -G sysusers susan
    useradd -s /sbin/nologin brad

    echo password | passwd --stdin andrew
    echo password | passwd --stdin susan


    echo password | passwd --stdin brad
    useradd brad vim /etc/passwd brad /sbin/nologin

    3 /common/staff /common/staff sysusers sysusers /common/staff

    mkdir -p /common/staff
    chgrp sysusers /common/staff
    ll -d /common/staff
    chmod g+w /common/staff;chmod 771 /common/staff
    ll -d /common/staff
    chmod g+s /common/staff
    ll -d /common/staff

    4. ftp://server1.example.com/pub/updates kernel kernel kernel kernel
    cd /root
    mkdir tmp

    cd tmp
    ftp server1.example.com
    ftp anonymous get
    rpm -ivh
    rpm -ivh ftp://server1.example.com/pub/updates/kernel*
    vim /etc/grub.conf vim /boot/grub/grub.conf default=num default=0 1 default=1 2

    5 IP Forwarding

    vim /etc/sysctl.conf
    net.ipv4.ip_forward=0 (change 0 to 1)

    sysctl -p sysctl.conf cat /proc/sys/net/ipv4/ip_forward

    6 IPP(CUPS)

    server1.example.com

    stationXX Generic-text-only


    system-config-printerprinter namestationXdeiveinternet Printing Protocal(ipp)hostnameserver1.example.comprinter namestationXprinter typeGnericText-only printer

    make default printer
    echo I am stationX. | lpr
    lpq
    lprm

    7 andrew 15:25 /bin/echo hello

    crontab -u andrew -e crontab
    25 15 * * * /bin/echo hello
    service crond restart
    #yum install vixie-cron
    #service crond start
    #chkconfig crond on
    #chkconfig --list crond
    #chkconfig --add crond

    #crontab -u andrew -e
    25 15 * * * /bin/echo hello

    8172.24.254.254 NIS notexample nisuserX X

    autofs NIS password nis 1authconfig-tui2 NIS3notexample172.24.254.2544 NIS #getent passwd nis 5 su nisuserX -bash-3.1$ Systemadministrationauthentication NIS


    9 NIS autofs Server1.example.com(172.24.254.254) NFS

    /rhome/stationX X nisuserX

    Server1.example.com:/rhome/stationX/nisuserX,nisuserX /rhome /rhome/nisuserX

    nisuser1 nisuser20 nisuserX station100 nisuser100 server1.example.com:/rhomes/staton100/nisuser100 NFS rhome/nisuser100

    1cd /etccp auto.misc rhome.misc

    vim /etc/auto.master/rhome /etc/rhome.misc 2vim /etc/rhome.miscstationX -fstype=nfs

    172.24.254.254:/rhome/stationX 3service autofs restart autofs4chkconfig autofs on5 su nisuserX [nisuser9@localhost ~]$pwd /rhome/stationX/nisuserX

    10/etc/fstab /var/tmp /tmp/fstab /var/tmp/fstab root /var/tmp/fstab root'/var/tmp/fstab /var/tmp/fstab susan /var/tmp/fstab

    cp /etc/fstab /var/tmp


    chown root:root /var/tmp/fstab chown root /var/tmp/fstab

    chgrp root /var/tmp/fstab
    chmod u-x,g-x,o-x /var/tmp/fstab

    vim /etc/fstab
    /dev/sda2 /var ext3 defaults,usrquota,acl 0 0
    setfacl -m u:susan:0 /var/tmp/fstab
    getfacl /var/tmp/fstab
    chmod o+r /var/tmp/fstab r
    getfacl /var/tmp/fstab

    11 home 1G, 950M-1050M #lvdisplay

    # lvextend -L 1024M /dev/vg0/home
    #resize2fs -p /dev/vg0/home

    lvdata, 500MB,1GB

    fdisk /dev/sda ID 8e

    partprobe
    mke2fs -j /dev/sda()
    pvcreate /dev/sda()
    vgdisplay VG
    vgextend vg /dev/sda()
    lvresize -L +500M /dev/vg /lv
    resize2fs /dev/vg/lv
    df -h

    12 server1.example.com NTP

    vim /etc/ntp.conf server server server1.example.com

    system-config-date

    13 andrew 1024K 2048K
    dd if=/dev/zero of=/home/andrew/test bs=1K count=1024

    dd if=/dev/zero of=/home/andrew/test bs=1K count=2048


    #vim /etc/fstab
    /dev/sda2 /home ext3 defaults,usrquota 0 0
    #mount -o remount /home
    #quotacheck -c /home
    #quotacheck -avu
    #ll /home
    #edquota -u andrew
    #quotaon -avu
    #cd home
    #ll aquota.user
    andrew
    dd if=/dev/zero of=/home/andrew/test1 bs=1K count=1024
    dd if=/dev/zero of=/home/andrew/test2 bs=1K count=2048
    #vi /etc/rc.local
    /sbin/quotaon -avug
    #repquota -avu

    14 250M RAID0 /dev/md1 /dev/md1 /shared

    # fdisk /dev/sda
    n l +250M t fd w
    n l +250M t fd w
    # partprobe
    # mdadm -C /dev/md1 -l 0 -n 2 /dev/sda8 /dev/sda9
    #cat /proc/mdstat raid
    # mkfs.ext3 /dev/md1
    # mkdir /shared
    # mount /dev/md1 /shared
    # vi /etc/fstab
    /dev/md1 /shared ext3 defaults 0 0
    #mount -a
    # df -TH

    15 1.6G, 600M

    #lvdisplay #umount /resize


    #resize2fs -f /dev/vg0/resize 600M

    #lvreduce -L 600M /dev/vg0/resize

    #resize2fs -p /dev/vg0/resize
    #mount -a

    #df -TH

    1 umount /share1
    2 e2fsck -f /dev/mapper/vg0_lv0
    3 200M resize2fs -f /dev/mapper/vg0_lv0 200M
    4 e2fsck -f /dev/mapper/vg0_lv0
    5 lvresize /dev/vg0/lv0 200M
    6 mount /dev/vg0/lv0 /share1
    7 e2fsck -f /share1

    16 susan /temp/susan

    /temp/susan
    #mkdir -p /temp/susan
    # find / -user susan -exec cp {} /temp/susan \;

    RHCE1SELINUX

    vi /etc/sysconfig/selinuxSELINUX=enforcing

    :wq


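    2 SSH Susan example.com ssh My133t.org SSH
    iptables -F
    iptables -A INPUT -s 172.25.0.0/16 -j REJECT
    (as written, this rule rejects all traffic from 172.25.0.0/16, not only SSH; adding -p tcp --dport 22 would limit it to SSH)

    service iptables save
    service iptables restart
    chkconfig iptables on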

    3 POP3 Brad POP3 example.com my133t.org POP3

    iptables -A INPUT -s ! 172.24.0.0/16 -p tcp --dport 110 -j REJECT
    iptables -A INPUT -s ! 172.24.0.0/16 -p udp --dport 110 -j REJECT
    service iptables save

    #yum -y install dovecot*
    chkconfig dovecot on
    service dovecot restart
    vim /etc/dovecot.conf protocols
    service dovecot restart
    getsebool -a | grep dovecot
    iptables -A INPUT -s 172.24.0.0/16 -p tcp --dport 110 -j ACCEPT
    iptables -A INPUT -p tcp --dport 110 -j REJECT
    service iptables save
    service iptables restart

    echo hello,tom | mail -s hello tom
    su tom
    mutt -f pop://[email protected]


    4 FTP Example.com anonymous Example.com

    FTP
    yum install vsftpd*
    service vsftpd restart
    chkconfig vsftpd on
    iptables -A INPUT -s ! 172.24.0.0/16 -p tcp --dport 21 -j REJECT

    iptables -A INPUT -s ! 172.24.0.0/16 -p udp --dport 21 -j REJECT

    service iptables save

    yum -y install vsftpd
    chkconfig vsftpd on
    service vsftpd restart
    getsebool -a | grep ftp

    setsebool -P ftp_home_dir 1
    service vsftpd restart
    vim /etc/hosts.allow
    vsftpd: .example.com
    vim /etc/hosts.deny
    vsftpd: ALL EXCEPT .example.com
    netstat -tulpn | grep vsftp
    service iptables save
    service iptables restart

    5 SMB /common SMB STAFF

    common

    example.com browseable Susan


    password

    yum install samba.i*
    chkconfig smb on

    vim /etc/samba/smb.conf
    cd /etc/samba
    grep -v ^# smb.conf >smb.con

    [common]
    workgroup = STAFF
    path = /common
    hosts allow = 172.24.0.0/16
    browseable = yes
    guest ok =yes

    :wq
    service smb restart
    smbclient -L //172.24.0.9
    mkdir /common
    chcon -t samba_share_t /common
    useradd susan
    smbpasswd -a susan
    vim /etc/samba/smb.conf
    [homes] valid
    service smb restart

    6 http://stationX.example.com ftp://server1.example.com/pub/rhce/station.html index.html documentroot index.html

    yum install httpd

    chkconfig httpd on
    wget ftp://server1.example.com/pub/rhce/station.html
    cp station.html /var/www/html/index.html
    vim /etc/httpd/conf/httpd.conf
    ServerName stationX.example.com

    chcon -R --reference=/var/www/html /var/www/html/index.html

    service httpd restart

    7 NFS /common example.com


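    yum install nfs
    yum install portmap
    service portmap start
    chkconfig portmap on

    chkconfig nfs on
    vi /etc/exports
    /common 172.24.0.0/16(rw,sync)
    (no space between the network and the option list; with a space, exports applies rw,sync to every host)
    :wq

    service nfs restart
    showmount -e nfs

    8 MTA acctmgr andrew
    yum install sendmail*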

    yum install sendmail-cf*
    vim /etc/mail/sendmail.mc
    127.0.0.1 0.0.0.0
    m4 sendmail.mc > sendmail.cf
    vim /etc/mail/local-host-names
    example.com
    stationX.example.com
    chkconfig sendmail on
    service sendmail restart

    vi /etc/aliases
    acctmgr: andrew

    :wq
    newaliases

    9 SMTP Susan

    susan /var/spool/mail/susan


    Email address [email protected]
    /etc/dovecot.conf
    ssl_cert_file = aa.pem
    ssl_key_file= aa.pem
    service dovecot restart

    iptables -A INPUT -s ! 172.24.0.0/16 -p tcp --dport 993 -j REJECT

    iptables -A INPUT -s ! 172.24.0.0/16 -p udp --dport 993 -j REJECT

    service iptables save
    yum install dovecot
    vi /etc/dovecot.conf

    protocols = imap imaps pop3 pop3s

    :wq
    chkconfig dovecot on

    service dovecot restart
    cd /etc/pki/tls/certs

    make dovecot.pem
    vi /etc/dovecot.conf

    sslssl

    :wq

    service dovecot restart

    2 web 8080 example.com example.com
    iptables -A INPUT -s 172.24.0.0/16 -j ACCEPT

    yum install squid
    vi /etc/squid/squid.conf

    http_port 8080
    acl all src 0.0.0.0/0.0.0.0()
    acl allow_ip(acl ) src 172.24.0.0/16
    http_access allow allow_ip( http_access deny all )
    http_access deny all

    :wq

    service squid restart
    chkconfig squid on


    cat /var/log/squid/access.log
    netstat -tpnl | grep 8080

    3 http://wwwX.example.comX Documentroot /var/www/virtual ftp://server1.example.com/pub/rhce/www.html index.html documentroot index.html

    susan /var/www/virtual Setfacl http://stationX.example.com

    Server1.example.com DNS wwwX.example.com

    wget ftp://server1.example.com/pub/rhce/www.html

    mkdir /var/www/virtual

    cp www.html /var/www/virtual/index.html
    vi /etc/httpd/conf/httpd.conf

    namevirtualhost 172.24.X.X

    documentroot /var/www/virtualservername wwwX.example.com

    documentroot /var/www/html

    servername stationX.example.com


    :wq
    chcon -R --reference=/var/www/html /var/www/html/index.html
    chcon -R --reference=/var/www/html /var/www/virtual/index.html
    service httpd restart
    chkconfig httpd on
    vim /etc/fstab
    cd /var/www/virtual
    setfacl -m u:susan:rwx virtual
    setfacl -m susan:7 virtual
    getfacl virtual
    links wwwX.example.com;links stationX.example.com;ntsysv