RHCE Update
Configure Repository
Create repository for system1 and system2. You can use this URL for your
repository: http://classroom.example.com/content/rhel7.0/x86_64/dvd
Answer:
# cd /etc/yum.repos.d
(Show with ls command and delete previous repo)
# vim yum.repo [repo name is user-defined]
[rhce]
name=repo for rhce exam
baseurl=http://classroom.example.com/pub/x86_64/server
enabled=1
gpgcheck=0
[Save & Exit]
# yum update -y
Configure SELinux
Answer:
# vim /etc/selinux/config
SELINUX=enforcing (Be careful about this change)
(Save and Exit)
# reboot
[You can check this with getenforce command]
# getenforce
Enforcing
SSH Configuration
Configure SSH access on both of your hosts (System-1 and System-2) as follows. Clients within
rny22ilt.org should not have access to ssh on your hosts.
Answer:
# firewall-config
Create a command called qstat on both systems (System-1 and System-2). It should be able to execute the following.
qstat ( ) {
ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
}
[save and exit]
# source /etc/bashrc
[Type the command below to check]
# qstat
Configure eth0 interface with static ipv6 address on both systems and able
to communicate within the network.
System-1: 2001:123::1/64
System-2: 2001:123::2/64
Both systems should maintain the current IPv4 address and changes should
be permanent even after the reboot.
Answer: [for System-1]
# nmcli connection modify eth0 ipv6.address 2001:123::1/64 connection.autoconnect yes ipv6.method manual
Link Aggregation
Configure system-1 and system-2 with a link aggregate over eth0 and eth1 that watches for link changes and selects
an active port for data transfers.
Answer:
# lab teambridge setup (Not in exam only for lab environment)
# nmcli connection show
# nmcli connection add con-name team0 type team ifname team0 config '{"runner": {"name": "activebackup"}}'
# nmcli connection add con-name team0-p1 type team-slave ifname eno1 master team0
# nmcli connection add con-name team0-p2 type team-slave ifname eno2 master team0
# nmcli connection modify team0 ipv4.address 192.168.X.10/24 ipv4.method manual connection.autoconnect yes
# nmcli connection up team0
# nmcli connection up team0-p1
# nmcli connection up team0-p2
# teamdctl team0 state
[Ping each system from the other to check the task]
SMTP Configuration
Configure SMTP mail service on both systems so that it relays mail only from the local system through
smtpX.example.com and all outgoing mail has example.com as its sender domain. Ensure that mail is not stored
locally. Verify that the mail server is working by sending mail to the user root@desktopX.example.com.
Solution:
# yum install postfix -y
# cd /etc/postfix
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --reload
# systemctl enable postfix
SMTP Configuration
Your server system should accept new mail over smtp from the 172.25.X.0/24. All messages not addressed to running
on desktop.example.com.
Solution:
# yum install postfix -y
# cd /etc/postfix
# vim main.cf [set line number with set nu command]
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --reload
# systemctl enable postfix
1. Share /nfsshare directory within the example.com domain clients only, share
must be writable.
[At exam time there is no need to create any user for NFS; the user name will be created and provided to you]
At exam time, you have to download three packages for this configuration:
1. sssd
2. authconfig-gtk
3. krb5-workstation
/etc/exports
/nfsshare 172.25.X.0/24(rw)
# exportfs -ra
Common Mistakes:
# mkdir /public
# vim /etc/fstab
serverX.example.com:/nfsshare
/etc/exports
/nfssecure/protected 172.25.X.0/24(sec=krb5p,rw)
# exportfs -ra
Common Mistakes:
# vim /etc/fstab
serverX.example.com:/nfssecure/protected /secure/protected nfs sec=krb5p,defaults
# mount -a
# df -h
# chown harry /secure
ACL [Preferable]
# setfacl -m u:harry:rwx /secure
5. Susan must have the read access to the share, authenticating with the
same password if necessary.
-y
-y
/sambadir
[Apply SELinux context on directory, you can get help from man page with man semanage-fcontext command]
# restorecon -Rv /sambadir
# ls -ldZ /sambadir
/etc/samba/smb.conf
workgroup = TESTGROUP
hosts allow = 172.25.0.
[data]
path = /sambadir
valid users = susan
# testparm -s
# systemctl enable smb nmb
# systemctl start smb nmb
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload
3. The user martin has the read access to the /opstack SMB share.
-y
-y
/opstack
[Apply SELinux context on directory, you can get help from man page with man semanage-fcontext command]
# restorecon -Rv /opstack
# ls -ldZ /opstack
Samba Test
Answer:
# yum install samba-client -y
# yum install cifs-utils -y
# mkdir -p /mnt/smbspace
# vim /root/pass.txt
username=frankenstain
password=Sanitago
# vim /etc/fstab
//serverX.example.com/cluster /mnt/smbspace cifs credentials=/root/pass.txt,multiuser,sec=ntlmssp 0
# mount -a
# df -h
Webserver Configuration
rhce.html
index.html
Virtual Hosting
Set up a virtual host with an alternate document root. Extend your web server to include a virtual host for
the site http://wwwX.example.com. Set the document root as /usr/local/vhosts.
Download http://classroom.example.com/pub/rhce/vhost.html, rename it as index.html and
place it in the document root of the virtual host. Note: The other websites configured for your server
must still be accessible.
Answer:
# mkdir -p /usr/local/vhosts
[Apply SELinux context on directory, you can get help from man page with man semanage-fcontext command]
# ls -ldZ /usr/local/vhosts
# cd /usr/local/vhosts
# wget http://classroom.example.com/pub/rhce/www.html
# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf /etc/httpd/conf.d/
# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost serverX.example.com:80>
DocumentRoot "/var/www/html"
ServerName serverX.example.com
</VirtualHost>
<VirtualHost wwwX.example.com:80>
DocumentRoot "/usr/local/vhosts"
ServerName wwwX.example.com
</VirtualHost>
# vim /etc/httpd/conf/httpd.conf
# vim httpd-vhosts.conf
<Directory /var/www/html>
Require all granted
</Directory>
<Directory "/usr/local/vhosts">
Require all granted
</Directory>
# httpd -t [To check for syntax errors in the configuration file]
# systemctl restart httpd.service
[Open wwwX.example.com in a browser to test the vhost server]
Restricted Webpage
Implement website for http://serverX.content.com/owndir. Create a directory named "owndir" under the document
root of webserver. Download http://station.networkO.content.com/pub/rhce/restrict.html. Rename the file to
index.html. The content of owndir should be visible to everyone browsing from your local system but should not be
accessible from other locations.
Answer:
# mkdir -p /var/www/html/owndir
[Apply SELinux context on directory, you can get help from man page with man semanage-fcontext command]
# vim /etc/httpd/conf/httpd.conf
<Directory /var/www/html/owndir>
Require host serverX.example.com
</Directory>
# httpd -t
Secured Webserver
Configure the website https://serverX.content.com with TLS SSLCertificate file.
1. TLS Certificate:
http://classroom.example.com/pub/tls/certs/webappX.crt
2. TLS private key:
http://classroom.example.com/pub/tls/private/webappX.key
3. TLS CA certificate:
http://classroom.example.com/pub/example-ca.crt
Answer:
# yum install mod_ssl -y
# cd /etc/pki/tls/certs
# wget http://classroom.example.com/pub/tls/certs/webappX.crt
# wget http://classroom.example.com/pub/example-ca.crt
# cd /etc/pki/tls/private
# wget http://classroom.example.com/pub/tls/private/webappX.key
All .crt files are downloaded under the certs directory and the .key file under the private directory.
# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
ServerName serverX.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/webappX.crt
SSLCertificateKeyFile /etc/pki/tls/private/webappX.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload
# httpd -t
# systemctl restart httpd.service
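An added example (not part of the original slides): a shell function that reads httpd configuration text and reports which legacy protocols an SSLProtocol line such as the one in the vhost above still leaves enabled. It assumes that "all" expands to SSLv3, TLSv1, TLSv1.1 and TLSv1.2 as on httpd 2.4.6; the function name audit_ssl_protocol and both sample inputs are constructed for illustration.

```bash
# Added example, not from the original slides.
# audit_ssl_protocol reads httpd configuration text on stdin and prints one
# line per legacy protocol that an SSLProtocol directive leaves enabled.
# Exit status: 0 = no findings, 1 = at least one finding.
# Assumption: "all" = SSLv3 + TLSv1 + TLSv1.1 + TLSv1.2, as on httpd 2.4.6.
audit_ssl_protocol() {
    awk '
    function set_all(v,    k) { for (k = 1; k <= n; k++) on[name[k]] = v }
    BEGIN {
        n = split("sslv3 tlsv1 tlsv1.1 tlsv1.2", name, " ")
        legacy["sslv3"] = 1; legacy["tlsv1"] = 1; legacy["tlsv1.1"] = 1
        vhost = "(global)"
    }
    tolower($1) == "<virtualhost" { vhost = $2; sub(/>$/, "", vhost) }
    tolower($1) ~ /^<\/virtualhost/ { vhost = "(global)" }
    tolower($1) == "sslprotocol" {
        set_all(0)
        for (i = 2; i <= NF; i++) {
            tok = tolower($i); sign = ""
            if (tok ~ /^[+-]/) { sign = substr(tok, 1, 1); tok = substr(tok, 2) }
            if (sign == "") set_all(0)      # an unsigned token replaces the set
            val = (sign == "-") ? 0 : 1
            if (tok == "all") set_all(val)
            else if (tok in on) on[tok] = val
        }
        for (i = 1; i <= n; i++)
            if (on[name[i]] && (name[i] in legacy)) {
                printf "%s line %d: %s enabled\n", vhost, NR, name[i]
                bad = 1
            }
    }
    END { exit bad + 0 }
    '
}

# Constructed input: the SSL directives of the vhost shown above.
page_conf='<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>'
# Constructed hardened variant: only TLS 1.2 stays enabled.
hardened_conf='<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>'

printf '%s\n' "$page_conf" | audit_ssl_protocol || true
printf '%s\n' "$hardened_conf" | audit_ssl_protocol && echo "hardened: no findings"
```

On a live system the same function can be fed the contents of /etc/httpd/conf.d/ssl.conf on stdin.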
/etc/pki/tls/certs/example-ca.crt
WSGIScriptAlias / /srv/webapp/webapp.wsgi
</virtualhost >
<Directory /srv/webapp>
Require all granted
</Directory>
<VirtualHost *:8989>
ServerName webappX.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/webappX.crt
SSLCertificateKeyFile /etc/pki/tls/private/webappX.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
# systemctl restart httpd.service
Script # 01
# chmod +x /root/random/script
# /root/random/script foo
# /root/random/script bar
Script # 02
Create a script on serverX called /root/createusers with following details:
1. When run as /root/createusers testfile, it should add all the users from the downloaded
file (http://serverX.example.com/testfile). All users should have the login shell as /bin/false,
password not required.
2. When this script is run with any other argument, it should print the message as Input File
Not Found.
3. When run without any argument, it should display Usage:/root/createusers.
NOTE: If the users are added, no need to delete.
[For lab environment, create a file with user names. File name should be testfile]
Answer:
# vim testfile [Write user name list---Only for lab]
# vim /root/createusers
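#!/bin/bash
# Create the users listed in the file "testfile", one name per line.
case "$1" in
"")
    echo "Usage: /root/createusers";;
testfile)
    # Login shell /bin/false, no password set
    while read -r name; do
        useradd -s /bin/false "$name"
    done < "$1";;
*)
    echo "Input File Not Found";;
esac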
# chmod +x /root/createusers
# /root/createusers testfile
# /root/createusers [Enter]
Create a new 3GB LVM target on your serverX.example.com. The block device
name should be data block. The server should export an iscsi disk called iqn.2014-10.com.example:serverX.
LVM name should be /dev/iscsivg/iscsilv
Answer:
# fdisk -l
# fdisk /dev/vdb
[Create 3300MB LVM partition]
# partprobe
# pvcreate /dev/vdb1
# vgcreate iscsivg /dev/vdb1
# lvcreate -L 3072M -n iscsilv iscsivg
# lvdisplay
Create 3GB partition on iSCSI block device and assign the file system as ext3.
Answer:
# yum install iscsi-initiator-utils -y
# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-10.com.example:desktopX
# systemctl enable iscsi
# systemctl start iscsi
# iscsiadm --mode discovery --type sendtargets --portal 172.25.X.X --discover
# iscsiadm --mode node --targetname iqn.2014-10.com.example:systemX --portal 172.25.X.X:3260 --login
[For the above two commands you can get help from the man page: man iscsiadm]
# fdisk -l
# fdisk /dev/sda
[Create a 3GB partition]
# partprobe
# mkfs.ext3 /dev/sda1
/mnt/initiator ext3 _netdev
# mount -a
# mkdir /mnt/initiator
# cd /mnt/initiator
# wget http://classroom.example.com/pub/iscsi.txt
# chown root iscsi.txt
# chmod 0644 iscsi.txt
MariaDB # 1
Most important
4. Other than the root user, the user andrew is able to read, write, update and delete the
query from the above mentioned database. [Andrew is a local user]
5. The user should be authenticated with the password as "Postroll".
# mysql_secure_installation
Enter/:Y/New Password:Postroll/Y/Y/Y/Y/
# mysql -u root -p
MariaDB [(none)]> create database Contacts;
Database create
command.
# wget http://content.example.com/courses/rhce/rhel7.0/materials/mariadb/mariadb.dump
# mysql -u root -p Contacts < mariadb.dump
Enter password: Postroll
Database Backup
# mysql -u root -p
Enter password: [ ******]
MariaDB [(none)]> show databases;
MariaDB [(none)]> use Contacts;
User Create
# mysql -u steve -p
MariaDB [(none)]> use Contacts;