
rhct and rhce examepaer module.docx


DESCRIPTION

RHCE 5 exam model paper


RHCT & RHCE

Setting up network:-

# ifdown eth0

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

BOOTPROTO=none

IPADDR=172.24.0.x

GATEWAY=172.24.0.1

ONBOOT=yes ( save )

# ifup eth0

Setting up hostname:-

# vi /etc/sysconfig/network

HOSTNAME=stationx.example.com ( save )

# vi /etc/hosts

172.24.0.x stationx.example.com stationx ( save)

# service network restart

# hostname -> will show the hostname

If hostname is not updated then

# echo "stationx.example.com" > /proc/sys/kernel/hostname

# vi /etc/resolv.conf

search example.com

nameserver 172.24.254.254 ( save )


RHCT EXAM

1. Your system must have a partition of size 300MB mounted on the directory /mnt/policy

The partition should be formatted with the ext3 filesystem

# fdisk -l

# fdisk /dev/sda

Type n

First cylinder : default

Last cylinder : +300M

Type w -> to save

# partprobe /dev/sda

# mkfs.ext3 /dev/sdax

# mkdir /mnt/policy

# mount /dev/sdax /mnt/policy

# vi /etc/fstab

/dev/sdax /mnt/policy ext3 defaults 0 0 ( save )

# mount -o remount /mnt/policy

2. Configure yum repository with this url ftp://server1.example.com/pub/Server

# vi /etc/yum.repos.d/yum.repo (or ) yum.conf

[yum]

baseurl = ftp://server1.example.com/pub/Server

enabled = 1

gpgcheck = 0 ( save )

# yum clean all

# yum list


3. Set your selinux to enforcing mode

# getenforce

# vi /etc/selinux/config

SELINUX=enforcing ( save )

# setenforce 1

4. Configure your system such that it has the following characteristics:

Your system has a group named system

Your system has a user named paul with secondary group as system

Your system has a user named tony with secondary group as system

Your system has a user named jony who does not have an interactive shell to login

All the users possess a password of password

# groupadd system

# useradd paul

# useradd tony

# useradd jony

# usermod -G system paul

# usermod -G system tony

# usermod -G system jony

# passwd paul ( enter password as password )

# passwd tony ( enter password as password )

# passwd jony ( enter password as password )

# usermod -s /sbin/nologin jony

5. Create a collaborative directory /common/system with the following characteristics:

The group owner of the directory is system

The directory should be readable and writable by the users of group system. No other users should have read permission on the directory. ( note: root is owner of the directory )

Files created in this directory should automatically have group ownership set to system

# mkdir -p /common/system

# chgrp -R system /common/system


# chmod -R 2770 /common/system ( OR) # chmod g+s /common/system

# su - paul

$ cd /common/system

$ touch file1

# su - tony

$ cd /common/system

$ touch file2
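
A check for the result of task 5, added here as an example (it is not part of the original paper). The function name check_collab_dir is an assumption; it needs GNU stat and has to be run by root or a member of the group so that the probe file can be created.

```sh
#!/bin/sh
# check_collab_dir DIR GROUP
# Prints one line per problem found; returns 0 only if DIR meets the
# requirements of task 5 (group owner, setgid, group rwx, nothing for others).
check_collab_dir() {
    dir=$1; group=$2; rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 1; }

    mode=$(stat -c '%a' "$dir")          # e.g. 2770, or 770 without special bits
    perm=$((0$mode))                     # read the digits as an octal number
    owner_group=$(stat -c '%G' "$dir")

    [ "$owner_group" = "$group" ] ||
        { echo "group owner is $owner_group, expected $group"; rc=1; }
    [ $((perm & 02000)) -ne 0 ] ||
        { echo "setgid bit missing: new files keep the creator's primary group"; rc=1; }
    [ $((perm & 0070)) -eq $((0070)) ] ||
        { echo "group lacks rwx on the directory (mode $mode)"; rc=1; }
    [ $((perm & 0007)) -eq 0 ] ||
        { echo "others have access to the directory (mode $mode)"; rc=1; }

    # Functional probe: a file created here must inherit the directory's group.
    probe="$dir/.probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        file_group=$(stat -c '%G' "$probe"); rm -f "$probe"
        [ "$file_group" = "$group" ] ||
            { echo "new file got group $file_group, expected $group"; rc=1; }
    else
        echo "cannot create a probe file as $(id -un)"; rc=1
    fi
    return $rc
}
```

On the exam system the call would be `check_collab_dir /common/system system`.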

6. Enable IP forwarding

# vi /etc/sysctl.conf

net.ipv4.ip_forward = 1 ( save )

# sysctl -p -> to bring immediate effect

7. Copy the file /etc/fstab to /var/tmp. The file should have the following characteristics:

The file owner is root and group owner is root

The user paul has both read and write access for the file

The user tony has neither read nor write access set to the file

All other users ( current or future ) have read access to the file

# vi /etc/fstab

/var defaults,acl 0 0 ( save )

# mount -o remount /var

# cp /etc/fstab /var/tmp

# setfacl -m u:paul:rw /var/tmp/fstab

# setfacl -m u:tony:--- /var/tmp/fstab

# chmod 664 /var/tmp/fstab

# su - paul

$ vi /var/tmp/fstab (enter to file )

# su - tony

$ vi /var/tmp/fstab ( permission denied )
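
How the ACL built in task 7 is evaluated, as an added example that is not part of the original paper: acl_allows is a hypothetical helper and the getfacl text is constructed to match the steps above. It follows the POSIX ACL check order, which is why tony's explicit --- entry wins over other::r--.

```sh
#!/bin/sh
# Constructed `getfacl /var/tmp/fstab` output after the steps of task 7.
SAMPLE_ACL='# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:paul:rw-
user:tony:---
group::r--
mask::rw-
other::r--'

# acl_allows USER PERM [GROUP...]   (getfacl output on stdin; PERM is r, w or x)
# Returns 0 if the ACL grants PERM to USER, who belongs to the listed groups.
# Check order: owner, named user, owning/named groups, other. Named-user and
# group entries are capped by the mask. Root's capability override is ignored.
acl_allows() {
    user=$1; want=$2; shift 2
    awk -v user="$user" -v want="$want" -v groups=" $* " '
    function has(p, c) { return index(p, c) > 0 }
    /^# owner: / { owner = $3 }
    /^# group: / { ogroup = $3 }
    /^#/ || NF == 0 { next }
    {
        split($0, f, ":")                 # tag:qualifier:perms
        perms = substr(f[3], 1, 3)        # drop any trailing "#effective" note
        if      (f[1] == "mask")  mask = perms
        else if (f[1] == "other") other = perms
        else if (f[1] == "user" && f[2] == "") uowner = perms
        else if (f[1] == "user")  named[f[2]] = perms
        else if (f[1] == "group") grp[(f[2] == "" ? ogroup : f[2])] = perms
    }
    END {
        if (mask == "") mask = "rwx"      # minimal ACL: no mask entry
        if (user == owner)      ok = has(uowner, want)
        else if (user in named) ok = has(named[user], want) && has(mask, want)
        else {
            ingroup = 0; ok = 0
            for (g in grp) if (index(groups, " " g " ")) {
                ingroup = 1
                if (has(grp[g], want) && has(mask, want)) ok = 1
            }
            if (!ingroup) ok = has(other, want)
        }
        exit(ok ? 0 : 1)
    }'
}
```

Changing the mask line to mask::r-- (what `chmod 644` would do to this file) makes the check for paul and w fail, because named-user entries are capped by the mask.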


8. Configure a cron job for the user paul such that the following command is executed daily at 15:25 hours: /bin/echo hello

# crontab -e -u paul ( OR )

# su - paul

# crontab -e

25 15 * * * /bin/echo hello ( save )

# crontab -l

9. Configure your system as an NIS client of the domain RHCE served by 172.24.254.254, so that nisuserx is able to log in to your system, where x is your station number. The user will not get his home directory until you complete your autofs requirement.

# rpm -q ypbind -> if not there

# yum install ypbind

# service ypbind restart

# chkconfig ypbind on

# authconfig-tui

Select use NIS [*]

[ ok ]

DOMAIN : RHCE

SERVER : 172.24.254.254

[ ok ]

# nisdomainname -> to show NISDOMAIN

# su - nisuserx -> to verify

10. Configure autofs to automount the home directories of NIS users. Note the following:

server1.example.com ( 172.24.254.254 ) NFS-exports /rhome/stationx/nisuserx

nisuserx's home directory is server1.example.com:/rhome/stationx/nisuserx

nisuserx's home directory should be automounted locally beneath /rhome/stationx as /rhome/stationx/nisuserx

Home directories must be writable by their users

While you are able to log in as any of the users nisuser1 through nisuser40, the only home directory that is accessible from your system is nisuserx

Example: station100 would configure the automounter such that nisuser100's home directory /rhome/station100/nisuser100 gets mounted automatically upon login.

The NFS share would be server1.example.com:/rhome/station100/nisuser100

# rpm -q autofs -> if not installed

# yum install autofs

# service autofs restart

# chkconfig autofs on

# vi /etc/auto.master

/rhome/stationx /etc/auto.rhome ( save )

# vi /etc/auto.rhome

nisuserx -rw,soft,intr server1.example.com:/rhome/stationx/nisuserx (save )

# service autofs restart

# su - nisuserx

# pwd

If any error :-

# vi /etc/auto.rhome

* -rw,soft,intr server1.example.com:/rhome/stationx/&

# service autofs restart

11. Configure your system so that it is an NTP client of server1.example.com

# vi /etc/ntp.conf

server server1.example.com

Comment all other server from the file ( save )

# service ntpd restart

# chkconfig ntpd on

12. Configure printer


Go to GUI

system -> administrations -> printing ( OR ) system-config-printer

select new -> give, stationx -> forward -> ipp, server1.example.com -> stationx -> generic text only -> finish

to change this as default printer

system -> Administrations -> printing -> select printer -> click as default printer

In CUI , lpstat -> to view printing in queue

# lpr -P stationx install.log

13. Download ftp://server1.example.com/pub/updates/kernel.rpm and update your kernel

# lftp 172.24.254.254

Lftp > cd /pub/Server

Lftp > get kernel …..rpm

# rpm -ivh kernel….rpm

To make this kernel default

# vi /boot/grub/grub.conf

Change, default=0 ( default ) ( save )

RHCE EXAM


Before starting RHCE

# iptables -F -> to flush out iptables

# service iptables save

# iptables -L

1. Resize the logical volume vo and its filesystem to 500MB. Make sure that the filesystem contents remain intact. Note: partitions are seldom exactly the size requested, so anything within the range of 470MB to 530MB is acceptable.

# lvdisplay -> if the volume is 700MB and 500MB is asked for, reduce it ( lvreduce ); if it is smaller ( 300MB ), extend it.

Case 1 :- Extend

By default lvm will be mounted in /home

# lvextend -L +200M /dev/vgo/lvm

# resize2fs /dev/vgo/lvm

# lvdisplay

Case 2:- Reduce -> go to single user mode

# umount /home

# resize2fs /dev/vgo/lvm 500M

resize2fs will print a message asking you to run e2fsck -f /dev/vgo/lvm first.

# e2fsck -f /dev/vgo/lvm

# resize2fs /dev/vgo/lvm 500M

# lvreduce -L 500M /dev/vgo/lvm

# mount /home

Go to init 5 -> GUI

# df -h -> to check the size of /home


2. Configure quotas so that, when executed by the user neo, the following command

dd if=/dev/zero of=/home/neo/somefile bs=1024 count=40 is permitted and successfully creates a 40k file, but

dd if=/dev/zero of=/home/neo/somefile bs=1024 count=60 is prohibited and fails to create a 60k file

# vi /etc/fstab

/dev/vgo/lvm /home ext3 defaults,usrquota,grpquota 0 0 ( save )

# mount -o remount /home ( update for home directory )

# quotacheck -cug /home

# quotaon /home

# useradd neo

# edquota -u neo ( create if does not exist )

# repquota /home -> to see already set quota

Block   soft          hard

30      70 (30+40)    90 (30+60)

        permitted     prohibited

( 40 :- warning , 60 :- never allow )

# su - neo

$ dd if=/dev/zero of=/home/neo/somefile bs=1024 count=40 ( show warning )

$ dd if=/dev/zero of=/home/neo/somefile bs=1024 count=60 ( never allow )

3. Configure ssh as follows

Tony has remote ssh access to your machine from within example.com

Clients within cracker.org should not have access to ssh on your system

# vi /root/.ssh/known_hosts ( dd (delete ) )

# rpm -q openssh

# yum install openssh

# service sshd start


# chkconfig sshd on

Login from :- ssh 172.24.0.249 ( password := password ) ( OR )

ssh [email protected] ( password := password )

# ssh [email protected] ( password := tony )

Again back to your system , root user

# iptables -A INPUT -p tcp --dport 22 -s 172.25.0.0/16 -j REJECT ( 172.25.0.0/16:= cracker.org )

# service iptables save

# service iptables restart

# iptables -L

4. Configure pop3 email on your system according to these criteria:

Jony must be able to retrieve email from your machine using pop3 within example.com

Clients within cracker.org should not have access to your pop3 service

# yum install dovecot

# service dovecot start

# chkconfig dovecot on

# mail -s "hi" [email protected]

# ssh [email protected] ( password :- password )

# mutt -f pop://[email protected]

Come to your machine

# iptables -A INPUT -p tcp --dport 110 -s 172.25.0.0/16 -j REJECT

# service iptables save

# service iptables restart

# iptables -L

5. Configure FTP access on your system:

Clients within the example.com domain should have anonymous FTP access to your machine.

Clients outside example.com should not have access to your FTP service.

# yum list vsftpd

# yum install vsftpd

# service vsftpd start

# chkconfig vsftpd on

# vi /etc/vsftpd/vsftpd.conf

anonymous_enable=YES ( check only )

# service vsftpd restart

# ssh [email protected] ( password :- password )

# ftp stationx.example.com ( Come back to your system ,root )

# vi /etc/hosts.deny

vsftpd: ALL EXCEPT 172.24.0.0/255.255.0.0 ( save )

6. Share the /common directory via smb:

Your smb server must be a member of the EXAMPLE workgroup

The share name must be common

The common share must be available to example.com domain clients only

Tony must have read access to the share, authenticating with the same password 'password', if necessary

# yum list samba

# yum install samba

# service smb start

# chkconfig smb on

# vi /etc/samba/smb.conf

workgroup = EXAMPLE

hosts allow = 172.24. 127.

[common]

path = /common

browseable = yes

valid users = tony ( save )

# service smb restart

# testparm

# smbpasswd -a tony ( password :- password )

# chcon -R -t samba_share_t /common

# service smb restart

# ssh [email protected]

# smbclient //station.example.com/common -U tony ( password :- password )

# smb > ls

7. Implement a web server for the site http://stationx.example.com then perform the following steps

Download ftp://server1.example.com/pub/rhce/station.html

Rename the downloaded file to index.html

Copy this index.html to the document root of your web server

Do not make any modification to index.html

# yum list httpd

# yum install httpd

# chkconfig httpd on

# service httpd start

# lftp 172.24.254.254

lftp > cd /pub/rhce

lftp > get stationx.html

lftp > bye

# cp stationx.html /var/www/html/index.html

# links http://stationx.example.com

8. Export your /common directory via nfs to the example.com domain only

# yum list nfs-utils


# yum install nfs-utils

# service nfs restart

# chkconfig nfs on

# service portmap start

# chkconfig portmap on

# vi /etc/exports

/common 172.24.0.0/255.255.0.0(rw,sync) ( save )

# getsebool -a | grep samba

# setsebool -P samba_share_nfs 1

# service nfs restart

# service portmap restart

9. Configure mail alias such that mail sent to acctmgr is spooled to paul’s mail directory

# yum list postfix

# yum install postfix

# chkconfig postfix on

# alternatives --config mta ( set 2 , press enter )

# service sendmail stop

# chkconfig sendmail off

# service postfix start

# vi /etc/aliases

acctmgr: paul ( save )

# newaliases

# vi /etc/postfix/main.cf

alias_maps = hash:/etc/aliases ( check )

# service postfix restart


# ssh [email protected]

# mail -s "hi" [email protected]

Hi all

Ctrl d ( come back to your system )

# su - paul

# mutt ( to see the mails of acctmgr )

10. Configure SMTP mail service according to the following requirements:

Your mail server should accept mail from remote hosts and localhost

Tony must be able to receive mail from remote hosts

Mail delivered to tony should spool into the default spool for tony, /var/spool/mail/tony

# vi /etc/postfix/main.cf

inet_interfaces = all

#inet_interfaces = localhost ( comment out this line ) ( save )

# service postfix restart

# ssh [email protected]

# mail -s "hi" [email protected]

Hi all

Ctrl d ( go to your machine )

# su - tony

# mutt ( see your mail )

ADDITIONAL REQUIREMENTS

11. Provide SSL-encapsulated IMAP access:

IMAPS must be available to jony from within example.com

IMAPS must be available for other networks or domains

The SSL certificate for the IMAPS server must be created as follows:

Use the defaults for country, state, locality and organization name

Set organization unit to GLS

Set common name to station.example.com

Set email address to [email protected]

# make -C /etc/pki/tls/certs dovecot.pem

# vi /etc/dovecot.conf

protocols = imaps pop3s

ssl_cert_file = /etc/pki/tls/certs/dovecot.pem

ssl_key_file = /etc/pki/tls/certs/dovecot.pem ( save )

# service dovecot restart

# mail -s "hi" [email protected]

Abcdefg

Ctrl d

# ssh [email protected]

# mutt -f imaps://[email protected]

accept ( o ) ( again back to root user )

# iptables -A INPUT -p tcp --dport 993 -s ! 172.24.0.0/16 -j REJECT (IMAPS )

# iptables -A INPUT -p tcp --dport 995 -s ! 172.24.0.0/16 -j REJECT ( POP3S )

# service iptables save

# service iptables restart

# nmap localhost ( show ports )

12. Implement a web proxy server bound to port 8080:

Clients within example.com should have access to your proxy server

Clients outside of example.com should not have access to your proxy server

# yum list squid

# yum install squid

# chkconfig squid on

# service squid start

# vi /etc/squid/squid.conf

http_port 8080

cache_mem 8 MB

cache_dir ufs /var/spool/squid 100 16 256

acl mynetwork src 172.24.0.0/255.255.0.0

http_access allow mynetwork ( save )

# service squid restart

# nmap localhost ( or ) < ip addr > ( check ports )

13. Extend your web server to include a virtual host for the site http://wwwx.example.com where x is your station number

Set the DocumentRoot to /var/www/virtual

Download ftp://server1.example.com/pub/rhce/wwwx.html

Rename the downloaded file to index.html

Place this index.html in the document root of the virtual host

Do not make any modifications to the content of index.html

Ensure that tony is able to create content in /var/www/virtual

Note:- the original web site http://stationx.example.com must still be accessible. DNS resolution for the hostname wwwx.example.com is already provided by the name server on server1.example.com

# vim /etc/httpd/conf/httpd.conf

NameVirtualHost 172.24.0.x:80


<VirtualHost stationx.example.com:80>

ServerName stationx.example.com

DocumentRoot /var/www/html

</VirtualHost>

<VirtualHost wwwx.example.com:80>

ServerName wwwx.example.com

DocumentRoot /var/www/virtual

</VirtualHost> ( save )

# mkdir /var/www/virtual

# ftp server1.example.com

ftp > cd /pub/rhce

ftp > get wwwx.html

ftp > bye

# cp wwwx.html /var/www/virtual/index.html

# service httpd restart