
EMPOWERING SYSTEM ADMINISTRATORS

RHCE

IPv6
One of the main benefits of Internet Protocol version 6 (IPv6) over the previously used
Internet Protocol version 4 (IPv4) is the large address space that carries the (addressing)
information used to route packets on the next-generation Internet.
IPv6 uses a 128-bit address space and can therefore provide 2^128, or about 3.4 x 10^38,
unique IP addresses (as opposed to the 32-bit address space of IPv4). With an address space
this large, IPv6 can give a unique address to each and every device or node attached to
the Internet.
Types of IPv6 Addresses
IPv6 addresses are broadly classified into three categories:
1) Unicast addresses: a unicast address identifies a single interface. An IPv6 packet sent
to a unicast address is delivered to the interface identified by that address.
2) Multicast addresses: a multicast address identifies a group (set) of interfaces that may
belong to different nodes. An IPv6 packet sent to a multicast address is delivered to all
interfaces in that group.
3) Anycast addresses: an anycast address identifies a set of interfaces that may belong to
different nodes. An IPv6 packet sent to an anycast address is delivered to only one of the
interfaces identified by the address (the nearest one, as determined by routing).

Special Addresses in IPv6

::/96 The zero prefix denotes IPv4-compatible addresses, a transition mechanism from the previously used IPv4 protocol.
::/128 An IPv6 address with all zeros is the unspecified address; it is used for addressing purposes within
software and never as a destination on the wire.
::1/128 This is the loopback address and refers to the local host. An application sending a packet to this
address gets the packet back after the IPv6 stack loops it back. The IPv4 equivalent is 127.0.0.1.
2001:db8::/32 This is the documentation prefix reserved in IPv6. All example IPv6 addresses should use this
prefix to make clear that they are examples.
fec0::/10 This is the site-local prefix. An address with this prefix is valid only within the local
organization. The use of this prefix has since been deprecated by the IETF.
fc00::/7 These are Unique Local Addresses (ULA). They are routed only within a set of cooperating sites and
were introduced in IPv6 to replace site-local addresses. A ULA prefix also contains a 40-bit pseudo-random
number, which reduces the risk of address conflicts when two sites are joined.
ff00::/8 This prefix denotes multicast addresses. Any address carrying this prefix is by definition a
multicast address.
fe80::/10 This is the link-local prefix. An address with this prefix is valid only on the local physical link
and is never routed.
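The table above is easy to apply by hand to one address, but a checker that does the longest-prefix match (so that ::1/128 is not mistaken for ::/96) is more useful when reading a whole interface listing. The following is an added example, not code from these notes; it uses only the standard library and the prefixes listed above.

```python
import ipaddress

# The special-address table from the notes (prefix, meaning).
SPECIAL_PREFIXES = [
    ("::1/128",       "loopback (local host; IPv4 equivalent 127.0.0.1)"),
    ("::/128",        "unspecified address (used inside software, never on the wire)"),
    ("::/96",         "IPv4-compatible address (deprecated transition mechanism)"),
    ("2001:db8::/32", "documentation prefix (examples only)"),
    ("fec0::/10",     "site-local (deprecated)"),
    ("fc00::/7",      "Unique Local Address (ULA), routed only within cooperating sites"),
    ("ff00::/8",      "multicast"),
    ("fe80::/10",     "link-local (valid only on the local physical link)"),
]
NETWORKS = [(ipaddress.IPv6Network(p), d) for p, d in SPECIAL_PREFIXES]


def classify(addr):
    """Return the category and the most specific special prefix an IPv6 address falls in."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        raise ValueError(f"{addr} is not an IPv6 address")
    # Only multicast is recognisable from the bits alone: anycast addresses
    # are taken from the unicast space and look exactly like unicast.
    category = "multicast" if ip.is_multicast else "unicast (or anycast)"
    best_len, prefix, meaning = -1, None, None
    for net, desc in NETWORKS:
        # Longest-prefix match, so ::1/128 wins over the overlapping ::/96.
        if ip in net and net.prefixlen > best_len:
            best_len, prefix, meaning = net.prefixlen, str(net), desc
    return {
        "address": ip.compressed,
        "category": category,
        "prefix": prefix,
        "meaning": meaning,
        # Anything in a special prefix above is not globally routable;
        # ordinary global unicast (e.g. 2000::/3) ends up with prefix None.
        "global_unicast": prefix is None and category != "multicast",
    }


if __name__ == "__main__":
    # The addresses configured in the IPv6 nmcli lab plus a few from the table.
    for a in ("fddb:fe2a:ab1e::c0a8:64", "fddb:fe2a:ab1e::c0a8:fe", "::1",
              "fe80::1", "ff02::1", "2001:db8::1", "::c000:201", "2001:4860::1"):
        print(classify(a))
```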

IPv6
# lab ipv6 setup                  ---> use the setup in the classroom only
# ip addr show / # ip a / # ip link
                                  ---> show the available interfaces in the system
# nmcli connection show
# nmcli con add type ethernet con-name ethernetname ifname eno1
(SKIP THIS STEP IF THEY ASKED FOR "ETH0")
# nmcli con sh
# nmcli con modify ethernetname ipv6.addresses 'fddb:fe2a:ab1e::c0a8:64/64 fddb:fe2a:ab1e::c0a8:fe' ipv6.method static
NOTE: If they did not give the gateway, just leave it out (only 'address/prefix' in ipv6.addresses).
On newer NetworkManager versions the gateway goes in the separate ipv6.gateway property.
# nmcli con up ethernetname
NOTE: The connection name (ethernetname) is your choice. If the device already has a connection,
you must use that existing name only.
# ping6 fddb:fe2a:ab1e::c0a8:fe

LINK AGGREGATION
The Linux NIC teaming driver provides a method for aggregating multiple
network interfaces into a single team interface. The behavior of the
team interface depends on the runner configuration. Teaming generally
supports the following runner methods:
Round robin
Load balancing
Failover (active-backup)
Broadcast
Naming convention in Red Hat Enterprise Linux: on-board LAN cards are
named em0, em1, etc. Additional LAN cards are named by slot and port, so a
4-port NIC card appears as p1p1, p1p2, p1p3 and p1p4 (p1 = slot 1; p1 to p4 = port 1 to port 4).

The key reasons why you might want to use teaming rather than bonding
are:
Teaming has a small kernel module which implements fast handling of
packets flowing through your teamed interfaces.
Support for IPv6 (NS/NA) link monitoring.
Capable of working with D-Bus and Unix domain sockets (the default).
It provides an extensible and scalable solution for your teaming
requirements.
Load balancing with LACP support.
It makes use of NetworkManager and its associated tools (the modern
way) to manage your network connections.
This article will provide a guide to configuring NIC teaming in RHEL 7.
NIC teaming in active-backup mode provides redundancy: if one NIC fails,
end users can still reach services on the server. This is also called a
failover mechanism.

LINK AGGREGATION

# lab teambridge setup            ---> use the setup in the classroom only

# ip addr show / # ip a / # ip link
# nmcli connection add type team con-name Teamname ifname team0 config '{"runner":{"name":"activebackup"}}'
# nmcli connection modify Teamname ipv4.addresses 192.168.X.11/24 ipv4.method manual
# nmcli connection show
# nmcli connection add type team-slave con-name Teamslave1 ifname eth1 master Teamname
# nmcli connection add type team-slave con-name Teamslave2 ifname eth2 master Teamname
# nmcli connection up Teamname
# ping 192.168.X.11

# nmcli con sh
# teamdctl team0 state            (teamdctl takes the team device name, team0, not the connection name)
# nmcli con down Teamslave1 (OR) Teamslave2
# teamdctl team0 state
# nmcli con up Teamslave1 (OR) Teamslave2
# teamdctl team0 state

DNS
DNS = Domain Name Service (or) Domain Name System. DNS resolves a host name to
its IP address and, in reverse, an IP address to a host name.
Domain Name Service (DNS) is the service used to convert human-readable
names of hosts to IP addresses. Host names are not case sensitive and can
contain letters, digits or the hyphen. Avoid the underscore. A fully
qualified domain name (FQDN) consists of the host name plus the domain name,
as in the following example:
computername.domain.com
i) named/BIND server: TCP/UDP port 53
ii) Client (browser, dig, etc.): an ephemeral source port > 1023

Record   Purpose
SOA      Specifies the authoritative server for the zone
NS       Specifies the address of the domain's name server(s)
A        Maps a host name to an (IPv4) address
PTR      Maps an address to a host name for reverse lookup
CNAME    Creates an alias (synonymous) name for the specified host
MX       Mail exchange server for the domain
SRV      Defines servers for a specific purpose such as HTTP, FTP, and so on
AAAA     Maps a host name to an IPv6 address
AFSDB    Location of the AFS cell database server or DCE cell's authenticated server
HINFO    Identifies the host's hardware and OS type
ISDN     Maps a host name to an ISDN address (phone number)
MB       Associates a host with the specified mailbox; experimental
MG       Associates a host name with a mail group; experimental
MINFO    Specifies the mailbox name responsible for a mail group; experimental
MR       Specifies a mailbox name that is the proper rename of another mailbox; experimental
RP       Identifies the responsible person for a domain or host
RT       Specifies an intermediate host that routes packets to the destination host
TXT      Associ ates textual information with an item in the zone
WKS      Describes services provided by a specific protocol on a specific port
X.25     Maps a host name to an X.121 address (X.25 networks); used in conjunction with RT records
WINS     Allows lookup of the host portion of a domain name through a WINS server
WINSR    Reverse lookup through a WINS server
ATMA     Maps a domain name to an ATM address

Suffix   Purpose                                                            Example
com      Commercial organizations (businesses)                              microsoft.com
edu      Educational organizations such as colleges & universities          berkeley.edu
gov      Governmental organizations such as the IRS, SSA, NASA, and so on   nasa.gov
mil      Military organizations                                             army.mil
net      Networking organizations such as ISPs                              mci.net
org      Noncommercial organizations such as the IEEE standards body        ieee.org
int      International organizations such as NATO                           nato.int

List of DNS record types:

NS Record:
Name server. All servers listed in NS records are the authoritative name servers for
the domain.
MX Record:
The MX (Mail Exchange) record names the server(s) that receive mail for the domain. The
target of an MX record is a fully qualified domain name, not an IP address; that name is
resolved separately through its A/AAAA record.

A Record:
The A (Address) record assigns an IP address to a domain or subdomain name. The value of
an A record is an IPv4 address.
CNAME Record:
A Canonical Name record makes one domain name an alias of another domain name. Lookups
for the alias are redirected to the records of the canonical name. The target of a CNAME
is a fully qualified domain name.
TXT Record:
A TXT record allows arbitrary text to be attached to a DNS name. TXT records are commonly
used to publish SPF records for a domain.
TTL:
TTL is the Time To Live. The TTL value sets how long a recursive DNS server may cache the
information it obtained when querying for your domain name. The value is given in seconds.
SOA Record:
The Start Of Authority record specifies the DNS server that provides authoritative
information about the domain name, the domain administrator's email address, the zone
serial number, and several timers that control refreshing of the zone.

DNS
SERVER:
# ifconfig
# yum install bind* -y
# systemctl enable named.service
# systemctl start named.service
# vim /etc/hosts
172.25.X.11     serverX.example.com

# vim /etc/sysconfig/network
NETWORKING=YES
HOSTNAME=SERVERX

# vim /etc/resolv.conf
nameserver 172.25.X.11
# vim /etc/named.conf
LINE NO:11
listen-on port 53 { 127.0.0.1; 172.25.X.11; };
LINE NO:12
listen-on-v6 port 53 { ::1; };
LINE NO:17
allow-query { localhost; any; };
NOTE: ON THE ABOVE LINE GIVE "any" OR GIVE THE NETWORK ADDRESS (e.g. 172.25.X.0/24).

# vim /etc/named.rfc1912.zones
zone "example.com" IN {
        type master;
        file "forward.for";
        allow-update { none; };
};
zone "X.25.172.in-addr.arpa" IN {
        type master;
        file "reverse.rev";
        allow-update { none; };
};

# cd /var/named
# cp -p named.localhost forward.for
# cp -p named.localhost reverse.rev
# vim forward.for
$TTL 1D
@       IN SOA  @ serverX.example.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      serverX.example.com.
example.com.    IN      A       172.25.X.11
serverX         IN      A       172.25.X.11
system          IN      CNAME   serverX
NOTE: A name without a trailing dot gets the zone origin (example.com.) appended, so the
apex record must be written as "example.com." (or "@"), not "example.com".

# vim reverse.rev
$TTL 1D
@       IN SOA  @ serverX.example.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      serverX.example.com.
11      IN      PTR     serverX.example.com.
NOTE: The owner "11" is the last octet of 172.25.X.11 (the zone X.25.172.in-addr.arpa already
covers the first three octets), and the PTR target needs its trailing dot.
# named-checkzone example.com forward.for              [FOR SYNTAX CHECKING]
[OR]
# named-checkzone X.25.172.in-addr.arpa reverse.rev
# systemctl restart named.service

# dig -x 172.25.X.11
[OR]
# dig serverX.example.com
[OR]
# nslookup serverX.example.com
[OR]
# nslookup 172.25.X.11
# firewall-cmd --permanent --add-service=dns
# firewall-cmd --reload
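named-checkzone only verifies syntax; it will happily accept a PTR target that lost its trailing dot and now points at serverX.example.com.X.25.172.in-addr.arpa. The following added example (not code from these notes) parses the two zone files above, applying the origin rules for "@" and relative names, and cross-checks that every A record resolves back through a PTR. The zone text is constructed from the notes with the student number X set to 0.

```python
import re

# Constructed from the forward zone in the notes with X = 0.
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  @ serverX.example.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      serverX.example.com.
example.com.    IN  A       172.25.0.11
serverX         IN  A       172.25.0.11
system          IN  CNAME   serverX
"""

# Constructed reverse zone reproducing the common mistake: the PTR target
# "serverX.example.com" has no trailing dot, so the origin gets appended.
REVERSE_ZONE_BROKEN = """\
$TTL 1D
@       IN SOA  @ serverX.example.com. ( 0 1D 1H 1W 3H )
        NS      serverX.example.com.
11      IN  PTR serverX.example.com
"""
REVERSE_ZONE_FIXED = REVERSE_ZONE_BROKEN.replace("PTR serverX.example.com\n",
                                                 "PTR serverX.example.com.\n")

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)
NAME_RDATA = {"NS", "CNAME", "PTR"}   # record types whose rdata is a single domain name


def _logical_lines(text):
    """Drop ';' comments and join multi-line records enclosed in ( ... )."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    return out


def qualify(name, origin):
    """Zone-file name rules: '@' is the origin; a name without a trailing dot
    is relative and gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, type, rdata_tokens)] with every name fully qualified."""
    if not origin.endswith("."):
        origin += "."
    records, last_owner = [], origin
    for line in _logical_lines(text):
        if line.startswith("$"):                      # $TTL / $ORIGIN directives
            if line.upper().startswith("$ORIGIN"):
                origin = line.split()[1]
            continue
        tokens = line.split()
        if line[0].isspace():                         # blank owner: reuse previous owner
            owner = last_owner
        else:
            owner = last_owner = qualify(tokens.pop(0), origin)
        while tokens and (tokens[0].upper() in CLASSES or TTL_RE.match(tokens[0])):
            tokens.pop(0)                             # optional TTL and class fields
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_RDATA:
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records


def reverse_name(ipv4):
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def check_forward_reverse(forward, reverse):
    """List (name, address, ptr_target) for A records whose address does not
    resolve back to the same name; ptr_target is None when no PTR exists."""
    ptr = {owner: rdata[0] for owner, rtype, rdata in reverse if rtype == "PTR"}
    return [(owner, rdata[0], ptr.get(reverse_name(rdata[0])))
            for owner, rtype, rdata in forward
            if rtype == "A" and ptr.get(reverse_name(rdata[0])) != owner]


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "example.com")
    for zone in (REVERSE_ZONE_BROKEN, REVERSE_ZONE_FIXED):
        print(check_forward_reverse(fwd, parse_zone(zone, "0.25.172.in-addr.arpa")))
```

With the fixed reverse zone only the apex A record (example.com.) is reported, which is expected: one address can carry only one PTR, and it belongs to serverX.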

SMTP
SMTP (Simple Mail Transfer Protocol)
PORT NUMBER: 25
SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used for sending and receiving
email. However, since it is limited in its ability to queue messages at the receiving end,
it is usually used with one of two other protocols, POP3 or IMAP, that let the user keep
messages in a server mailbox and download them periodically from the server.
In other words, users typically use a program that uses SMTP for sending email and
either POP3 or IMAP for receiving email.
On Unix-based systems, sendmail is the most widely used SMTP server for email. A
commercial package, Sendmail, includes a POP3 server. Microsoft Exchange includes an
SMTP server and can also be set up to include POP3 support.
SMTP is generally integrated within an email client application and involves four
key components:
Local user or client-end utility known as the mail user agent (MUA)
Server known as the mail submission agent (MSA)
Mail transfer agent (MTA)
Mail delivery agent (MDA)
SMTP works by initiating a session between the user (MUA) and the server (MSA), whereas
the MTA and MDA provide domain lookup (MX) and local delivery services.

POP3 (Post Office Protocol 3)


PORT NUMBER: 110
POP3 (Post Office Protocol 3) is the most recent version of a standard
protocol for receiving email.
POP3 is a client/server protocol in which email is received and held for
you by your Internet server. Periodically, you (or your email client)
check your mailbox on the server and download any mail, probably using POP3.
This standard protocol is built into most popular email products, such as
Eudora and Outlook Express.
It is also built into the Netscape and Microsoft Internet Explorer browsers.
POP can be thought of as a "store-and-forward" service.

IMAP (Internet Message Access Protocol)


PORT NUMBER: 143
IMAP (Internet Message Access Protocol) is a standard email protocol that
stores email messages on a mail server but allows the end user to view and
manipulate the messages as though they were stored locally on the end
user's computing device(s). This allows users to organize messages into
folders, have multiple client applications know which messages have been
read, flag messages for urgency or follow-up, and save draft messages on the
server.
Most implementations of IMAP support multiple logins; this allows the end
user to connect to the email server simultaneously from different devices.
Even though IMAP has an authentication mechanism, that authentication is
easily defeated by anyone who can capture the session with a protocol
analyzer, because the client's username and password are transmitted in
clear text. In an Exchange Server environment, administrators can close this
gap by using Secure Sockets Layer (SSL) encryption for IMAP; the same applies
to any other IMAP server.

SMTP
SERVER:
# vim /etc/postfix/main.cf
LINE NO.75
myhostname = serverX.example.com
LINE NO.83
mydomain = example.com
LINE NO.98
myorigin = $myhostname
LINE NO.113
inet_interfaces = all
LINE NO.116
#inet_interfaces = localhost
LINE NO.164
#mydestination = $myhostname, localhost.$mydomain, localhost
LINE NO.166
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
        mail.$mydomain, www.$mydomain, ftp.$mydomain
LINE NO.264
mynetworks = 172.25.X.0/24, 127.0.0.0/8
LINE NO.316
relayhost = [desktopX.example.com]
[OR]

# postconf -e 'myhostname = serverX.example.com'
# postconf -e 'mydomain = example.com'
# postconf -e 'myorigin = $myhostname'
# postconf -e 'inet_interfaces = all'
# postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain'
# postconf -e 'mynetworks = 172.25.X.0/24, 127.0.0.0/8'
# postconf -e 'relayhost = [desktopX.example.com]'
NOTE: Use single quotes so the shell does not expand $myhostname and $mydomain before postconf sees them.
# systemctl restart postfix.service
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --reload

CLIENT:
# vim /etc/postfix/main.cf
LINE NO.113
inet_interfaces = all
LINE NO.116
#inet_interfaces = localhost
# systemctl restart postfix.service
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --reload

NOW MAIL BOTH SIDES:


SERVER:
# mail root@desktopX.example.com
Subject: TYPE THE SUBJECT
TYPE THE MESSAGE HERE, AND FINALLY TYPE "." ON A LINE BY ITSELF TO FINISH THE MAIL.
CLIENT:
# mail
> now you have received the mail...

CLIENT:
# mail root@serverX.example.com
Subject: TYPE THE SUBJECT
TYPE THE MESSAGE HERE, AND FINALLY TYPE "." ON A LINE BY ITSELF TO FINISH THE MAIL.
SERVER:
# mail
> now you have received the mail...

SMTP NULL CLIENT
SERVER:
# lab smtpnullclient setup
# vim /etc/postfix/main.cf
LINE NO.75
myhostname = serverX.example.com
LINE NO.83
mydomain = example.com
LINE NO.99
myorigin = $mydomain
LINE NO.116
inet_interfaces = loopback-only
LINE NO.164
mydestination =
LINE NO.315
relayhost = [smtpX.example.com]
# systemctl restart postfix.service
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --reload
NOTE: With inet_interfaces = loopback-only the null client accepts mail only from local
processes and delivers nothing locally (empty mydestination); everything is forwarded to relayhost.

CLIENT:
[THIS IS ONLY FOR CLASSROOM SETUP. IN EXAM DO THE SAME AS SERVER]
# lab smtpnullclient setup
# vim /etc/postfix/main.cf
LINE NO.116
inet_interfaces = all
# systemctl restart postfix.service
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --reload

AGAIN
SERVER:
# mail student@desktopX.example.com
# mutt -f imaps://imapX.example.com
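The SMTP server and null-client settings above differ in exactly the parameters that decide who can relay mail through the box: inet_interfaces (where Postfix listens), mynetworks (which clients may relay) and relayhost (where outbound mail goes; the square brackets suppress the MX lookup). The following added example (not code from these notes) parses main.cf text, expands $name references the way postconf does, and reports those properties. The two configurations are constructed from the notes with X = 0.

```python
import ipaddress
import re

# Constructed from the SERVER main.cf edits in the notes (X = 0).
SERVER_MAIN_CF = """\
myhostname = serverX.example.com
mydomain = example.com
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
        mail.$mydomain, www.$mydomain, ftp.$mydomain
mynetworks = 172.25.0.0/24, 127.0.0.0/8
relayhost = [desktop0.example.com]
"""

# Constructed from the SMTP NULL CLIENT edits in the notes (X = 0).
NULL_CLIENT_MAIN_CF = """\
myhostname = serverX.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = loopback-only
mydestination =
relayhost = [smtp0.example.com]
"""

LOCAL_ONLY = {"loopback-only", "localhost", "127.0.0.1", "::1"}


def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues
    the previous value (Postfix continuation rule). Comments are skipped."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            params[current] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params


def expand(params, value, depth=0):
    """Expand $name references recursively, like postconf -x (bounded depth)."""
    if depth > 10:
        raise ValueError("parameter expansion too deep (cyclic $name?)")
    return re.sub(r"\$(\w+)",
                  lambda m: expand(params, params.get(m.group(1), ""), depth + 1),
                  value)


def _split_list(value):
    return [item for item in re.split(r"[,\s]+", value) if item]


def audit_relay(params):
    """Summarise who may relay through this Postfix instance and to where."""
    listen = expand(params, params.get("inet_interfaces", "all"))
    networks, open_relay = [], False
    for token in _split_list(expand(params, params.get("mynetworks", ""))):
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            networks.append(token)      # hostnames / lookup tables: listed, not evaluated
            continue
        networks.append(str(net))
        if net.prefixlen == 0:          # 0.0.0.0/0 or ::/0: every client may relay
            open_relay = True
    relayhost = expand(params, params.get("relayhost", ""))
    # [host] or [host]:port means "deliver to this host, skip the MX lookup".
    if relayhost.startswith("["):
        host = relayhost[1:].split("]")[0]
    else:
        host = relayhost.split(":")[0]
    return {
        "listens_externally": listen not in LOCAL_ONLY,
        "relay_networks": networks,
        # An all-hosts mynetworks only matters when Postfix listens externally.
        "open_relay": open_relay and listen not in LOCAL_ONLY,
        "local_domains": _split_list(expand(params, params.get("mydestination", ""))),
        "relayhost": host,
        "relayhost_mx_lookup": bool(relayhost) and not relayhost.startswith("["),
    }


if __name__ == "__main__":
    for label, text in (("server", SERVER_MAIN_CF), ("null client", NULL_CLIENT_MAIN_CF)):
        print(label, audit_relay(parse_main_cf(text)))
```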

iSCSI
iSCSI PORT NUMBER: 3260
iSCSI, which stands for Internet Small Computer System Interface, works on
top of the Transmission Control Protocol (TCP) and allows SCSI commands to
be sent end-to-end over local-area networks (LANs), wide-area networks
(WANs) or the Internet.
SAN Server
Definition: A storage area network (SAN) is a type of local area network
(LAN) designed to handle large data transfers. A SAN typically supports data
storage, retrieval and replication on business networks using high-end servers,
multiple disk arrays and Fibre Channel interconnection technology.
Also Known As: Storage Area Network, System Area Network.

NAS Server
NAS stands for Network Attached Storage. Most manufacturers of network
devices (routers, hard drives), as well as some home theater manufacturers,
offer a NAS unit.
As the name implies, the NAS unit is connected to your home network and
you save files to it. Typically, a NAS box will have at least a 1 TB hard drive
to store the files.
The popularity of NAS units has increased as the need to store and access large
media file libraries has grown.
The NAS acts as a media server, making it easy for the computers and network
media players connected to your home network to access your media files.

iSCSI (RHEL 6)
SERVER:
(CREATE LVM IF THEY ASKED)
# yum install scsi-target-utils -y
# service tgtd start
# chkconfig tgtd on
# vim /etc/tgt/targets.conf
<target iqn.2015-06.com.example.test:target1>
    backing-store /dev/vgname/lvname
</target>
# service tgtd restart
# tgt-admin --show                ---> to check the configuration

CLIENT:
# yum install iscsi-initiator-utils -y
# iscsiadm -m discovery -t st -p 172.25.X.11
# iscsiadm -m node -T iqn.2015-06.com.example.test:target1 -p 172.25.X.11:3260 -l
# lsblk
# cat /proc/partitions
(CREATE PARTITION, FORMAT IT AND MOUNT IF THEY ASKED)
[NOTE: IT SHOULD BE MOUNTED WITH _netdev IN /etc/fstab]
EXAMPLE:
/dev/sdaX    /folder    ext4    _netdev    0 0
# mount -a
# df -h

iSCSI (RHEL 7)
SERVER:
(CREATE LVM IF THEY ASKED)
# yum install targetcli -y
# systemctl enable target.service
# systemctl start target.service
(the notes also list iscsid.service here; on RHEL 7 iscsid.service is the initiator-side
daemon, the target side needs target.service)
# targetcli
/> /backstores/block create iscsiname /dev/vgname/lvname
/> /iscsi create iqn.2016-02.com.example:system1
/> /iscsi/iqn.2016-02.com.example:system1/tpg1/acls create iqn.2016-02.com.example:system2
/> /iscsi/iqn.2016-02.com.example:system1/tpg1/luns create /backstores/block/iscsiname
/> /iscsi/iqn.2016-02.com.example:system1/tpg1/portals create 172.25.X.11 3260
/> saveconfig
/> exit

# systemctl restart target.service
# firewall-cmd --permanent --add-port=3260/tcp
# firewall-cmd --reload

CLIENT:
# yum install iscsi-initiator-utils -y
# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2016-02.com.example:system2
(this must match the name created under acls on the target, otherwise the login is refused)

# iscsiadm -m discovery -t st -p 172.25.X.11
# iscsiadm -m node -T iqn.2016-02.com.example:system1 -p 172.25.X.11:3260 -l
# lsblk
# cat /proc/partitions
(CREATE PARTITION, FORMAT IT AND MOUNT IF THEY ASKED)
[NOTE: IT SHOULD BE MOUNTED WITH _netdev IN /etc/fstab]
EXAMPLE:
/dev/sdaX    /folder    xfs    _netdev    0 0
# mount -a
# df -h

NFS
NFS (Network File System)
NFS PORT NUMBER: 2049
RPC PORT NUMBER: 111
A Network File System (NFS) allows remote hosts to mount file systems
over a network and interact with those file systems as though they were
mounted locally. This enables system administrators to consolidate
resources onto centralized servers on the network.
nfs
'service nfs start' starts the NFS server and the appropriate RPC processes
to service requests for shared NFS file systems.
rpcbind
rpcbind accepts port reservations from local RPC services. These ports are
then made available (or advertised) so the corresponding remote RPC
services can access them. rpcbind responds to requests for RPC services
and sets up connections to the requested RPC service.

rpc.mountd
This process is used by an NFS server to process MOUNT requests from NFSv2 and
NFSv3 clients. It checks that the requested NFS share is currently exported by the NFS
server, and that the client is allowed to access it. If the mount request is allowed, the
rpc.mountd server replies with a Success status and returns the file handle for this
NFS share to the NFS client.
Benefits of NFS:
NFS allows local access to remote files.
It uses a standard client/server architecture for file sharing between all *nix-based
machines.
With NFS it is not necessary that both machines run the same OS.
With the help of NFS we can configure centralized storage solutions.
Users get their data irrespective of physical location.
No manual refresh is needed for new files.
Newer versions of NFS also support ACLs and pseudo-root mounts.
Can be secured with firewalls and Kerberos.

NFS
SERVER:
# lab nfskrb5 setup               ---> use the setup in the classroom only
# rpm -qa nfs* [OR] rpm -q nfs-utils
# systemctl enable nfs-server.service nfs-secure.service nfs-secure-server.service
# wget -O /etc/krb5.keytab http://path
# systemctl start nfs-server.service nfs-secure.service nfs-secure-server.service
# vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
# vim /etc/exports
/nfscommon      *.example.com(rw,sync)
/nfssecure      *.example.com(rw,sync,sec=krb5p)

# mkdir /nfscommon /nfssecure
# chown -R nfsnobody:nfsnobody /nfscommon
# chown -R ldapuserX:ldapuserX /nfssecure
# systemctl restart nfs-server.service nfs-secure.service nfs-secure-server.service rpcbind.service
# showmount -e (OR) exportfs (OR) exportfs -arvf
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=rpcbind
# firewall-cmd --permanent --add-service=kerberos
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --reload

CLIENT:
# lab nfskrb5 setup               ---> use the setup in the classroom only
# rpm -qa nfs* [OR] rpm -q nfs-utils
# systemctl enable nfs-server.service nfs-secure.service
# wget -O /etc/krb5.keytab http://172.25.254.100/pub/keytabs/desktopX.keytab
# systemctl start nfs-server.service nfs-secure.service
# vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
# vim /etc/fstab
serverX:/nfssecure      /secure     nfs     defaults,sec=krb5p,v4.2     0 0
serverX:/nfscommon      /normal     nfs     defaults                    0 0

# mkdir /secure /normal
# mount -a
# ls -ldZ /secure
# umount /secure
# mount -o context="system_u:object_r:public_content_rw_t:s0" serverX:/nfssecure /secure
VALIDATION:
# df -h
# getent passwd ldapuserX
# ssh -X ldapuserX@desktopX.example.com
$ cd /secure
$ touch 1
$ exit
# cd /secure
# touch 2
---> permission denied for root as well (with sec=krb5p, root has no Kerberos ticket, so root is denied)

SAMBA
SAMBA PORT NUMBER: 445
NETBIOS PORT NUMBERS: 137 (UDP), 138 (UDP), 139 (TCP)
Samba is an Open Source/Free Software suite that provides seamless file
and print services to SMB/CIFS clients. Samba is freely available, unlike other
SMB/CIFS implementations, and allows for interoperability between
Linux/Unix servers and Windows-based clients.
SMB: Server Message Block
CIFS: Common Internet File System
NetBIOS (Network Basic Input/Output System) is a program that allows
applications on different computers to communicate within a local area
network (LAN). NetBIOS is used in Ethernet and Token Ring networks and,
included as part of the NetBIOS Extended User Interface (NetBEUI), in recent
Microsoft Windows operating systems. It does not in itself support a routing
mechanism, so applications communicating on a wide area network (WAN)
must use another "transport mechanism" (such as the Transmission Control
Protocol) rather than, or in addition to, NetBIOS.

Samba can handle a fairly basic set of operations that includes:
connecting to and disconnecting from file and print shares
opening and closing files
opening and closing print files
reading and writing files
creating and deleting files and directories
searching directories
getting and setting file attributes
locking and unlocking byte ranges in files

SAMBA
SERVER:
# yum install samba samba-client -y
# systemctl enable smb.service nmb.service
# systemctl start smb.service nmb.service
# vim /etc/samba/smb.conf
line No:89
workgroup = SMBGROUP
line No:95
hosts allow = 127. 172.25. .example.com
(GO TO THE LAST LINE AND ADD THE SHARES)
[common]
comment = normal sharing
path = /samba
public = no
printable = no
read only = yes
browseable = yes
valid users = tom, sam

[secure]
comment = secure sharing
path = /securesamba
public = no
printable = no
browseable = yes
valid users = jack, king
write list = jack
NOTE: "read only = yes" is the Samba default, so [secure] is read-only for king; only jack
(write list) can write.
(NO NEED TO CREATE USERS IN EXAM. THEY ALREADY CREATED LDAP USERS)
# useradd tom
# useradd sam
# useradd jack
# useradd king
# pdbedit -L                      (display the Samba users list)

# smbpasswd -a tom
<--- put the Samba password.
# smbpasswd -a sam
<--- put the Samba password.
# smbpasswd -a jack
<--- put the Samba password.
# smbpasswd -a king
<--- put the Samba password.
# smbpasswd -e tom
# smbpasswd -e sam
# smbpasswd -e jack
# smbpasswd -e king
# pdbedit -L
# mkdir /samba /securesamba
# chmod -R 2775 /securesamba/
# chgrp -R jack /securesamba/     (CHANGE GROUP OWNERSHIP FOR WHOEVER NEEDS WRITE PERMISSION)
# chcon -R -t samba_share_t /samba/   [OR]
# semanage fcontext -a -t samba_share_t '/samba(/.*)?'
# restorecon -vvFR /samba
# chcon -R -t samba_share_t /securesamba/   [OR]
# semanage fcontext -a -t samba_share_t '/securesamba(/.*)?'
# restorecon -vvFR /securesamba
# getsebool -a | grep smb
# setsebool -P smbd_anon_write=on     (only needed for shares that allow guest writes)
# getsebool -a | grep samba
# setsebool -P samba_enable_home_dirs=on
# testparm                        (to see a dump of your definitions)
# systemctl restart smb.service nmb.service
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload
# smbclient -L //serverX -U tom (or) sam (or) jack (or) king
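testparm dumps the definitions but does not tell you what they add up to per share. The following added example (not code from these notes) reads the smb.conf fragment above and works out, for each file share, who can read, who can actually write (applying Samba's default of read only = yes and the write list override) and whether guests are allowed. The [global] section is constructed from the two edited lines in the notes.

```python
# Constructed from the smb.conf edits in the notes.
SMB_CONF = """\
[global]
workgroup = SMBGROUP
hosts allow = 127. 172.25. .example.com

[common]
comment = normal sharing
path = /samba
public = no
printable = no
read only = yes
browseable = yes
valid users = tom, sam

[secure]
comment = secure sharing
path = /securesamba
public = no
printable = no
browseable = yes
valid users = jack, king
write list = jack
"""


def parse_smb_conf(text):
    """Minimal smb.conf reader: [section] headers and 'key = value' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = {}
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def _names(value):
    return [n for n in value.replace(",", " ").split() if n]


def _flag(value, default):
    return default if value is None else value.lower() in ("yes", "true", "1")


def share_access(sections):
    """For every file share: who may read, who may actually write, and whether guests are allowed."""
    report = {}
    for name, opts in sections.items():
        if name in ("global", "printers", "print$") or _flag(opts.get("printable"), False):
            continue
        guest = _flag(opts.get("guest ok", opts.get("public")), False)
        valid = _names(opts.get("valid users", ""))
        # Samba default is read only = yes; 'writable'/'writeable' is the inverse synonym.
        writable = opts.get("writable", opts.get("writeable"))
        if writable is not None:
            read_only = not _flag(writable, False)
        else:
            read_only = _flag(opts.get("read only"), True)
        write_list = _names(opts.get("write list", ""))
        read_list = _names(opts.get("read list", ""))
        readers = valid if valid else ["<everyone>"]
        if read_only:
            # write list grants write access on a read-only share, but only
            # to users who also pass the valid users check.
            writers = [u for u in write_list if not valid or u in valid]
        else:
            writers = [u for u in readers if u not in read_list]
        report[name] = {"path": opts.get("path"), "readers": readers,
                        "writers": writers, "guest": guest}
    return report


if __name__ == "__main__":
    for share, info in share_access(parse_smb_conf(SMB_CONF)).items():
        print(share, info)
```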

CLIENT:
# yum install samba-client cifs-utils -y
(NO NEED TO CREATE USERS IN EXAM. THEY ALREADY CREATED LDAP USERS)
# useradd tom
# useradd sam
# useradd jack
# useradd king
# vim /etc/fstab
//serverX/common    /samba          cifs    defaults                                               0 0
//serverX/secure    /securesamba    cifs    defaults,credentials=/pass.txt,multiuser,sec=ntlmssp   0 0

# mkdir /samba /securesamba
# cat > /pass.txt
username=jack
password=<--- put the Samba password we already gave on the server side.
# chmod 600 /pass.txt             (the credentials file holds a clear-text password; keep it readable by root only)
# su - tom [OR] sam [OR] jack [OR] king
$ cifscreds add serverX
<--- put the Samba password.
$ logout
(Please check whether the credentials are set or not)
# smbclient //serverX/common -U tom
# smbclient //serverX/common -U sam
# smbclient //serverX/secure -U jack
# smbclient //serverX/secure -U king
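The iSCSI, NFS and Samba sections all end with an /etc/fstab entry, and each has its own way of going wrong: an iSCSI-backed filesystem without _netdev, a mount of the Kerberos-only export without sec=krb5p, or a CIFS entry with the password inline instead of in a credentials file. The following added example (not code from these notes) checks a fstab for all three. The fstab text, the set of iSCSI devices and the set of krb5p exports are constructed from the notes.

```python
# Constructed from the fstab lines in the iSCSI, NFS and Samba sections;
# /dev/sdc1, /secure2 and /securesamba are deliberately wrong.
FSTAB = """\
# <device>            <mount>        <type>  <options>                                   <dump> <pass>
/dev/sdb1             /folder        ext4    _netdev                                        0 0
/dev/sdc1             /folder2       xfs     defaults                                       0 0
serverX:/nfssecure    /secure        nfs     defaults,sec=krb5p,v4.2                        0 0
serverX:/nfscommon    /normal        nfs     defaults                                       0 0
serverX:/nfssecure    /secure2       nfs     defaults,v4.2                                  0 0
//serverX/common      /samba         cifs    defaults,credentials=/pass.txt                 0 0
//serverX/secure      /securesamba   cifs    defaults,username=jack,password=secret,multiuser,sec=ntlmssp 0 0
"""

# Constructed: block devices that are iSCSI LUNs (what lsblk shows after
# iscsiadm -l), and the NFS exports the server exports with sec=krb5p.
ISCSI_DEVICES = {"/dev/sdb1", "/dev/sdc1"}
KRB5P_EXPORTS = {"/nfssecure"}


def parse_fstab(text):
    """Return one dict per entry; comments and blank lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed fstab line: {raw!r}")
        spec, mountpoint, fstype, options = fields[:4]
        entries.append({"spec": spec, "mount": mountpoint, "type": fstype,
                        "opts": options.split(",")})
    return entries


def _opt_value(opts, key, default=None):
    for o in opts:
        if o.startswith(key + "="):
            return o.split("=", 1)[1]
    return default


def check_fstab(entries, iscsi_devices=ISCSI_DEVICES, krb5p_exports=KRB5P_EXPORTS):
    """Return (mountpoint, problem) pairs for the mistakes the notes warn about."""
    findings = []
    for e in entries:
        opts, fstype = e["opts"], e["type"]
        # An iSCSI-backed filesystem is only reachable once the network and
        # iscsid are up; without _netdev the boot may hang waiting for it.
        if e["spec"] in iscsi_devices and "_netdev" not in opts:
            findings.append((e["mount"], "iSCSI-backed device mounted without _netdev"))
        if fstype.startswith("nfs"):
            export = e["spec"].split(":", 1)[1] if ":" in e["spec"] else e["spec"]
            sec = _opt_value(opts, "sec", "sys")     # NFS default is AUTH_SYS
            if export in krb5p_exports and sec != "krb5p":
                findings.append((e["mount"], f"export requires sec=krb5p but fstab uses sec={sec}"))
        if fstype == "cifs":
            if _opt_value(opts, "password") is not None:
                findings.append((e["mount"], "password in /etc/fstab (world-readable); use credentials=FILE"))
            elif _opt_value(opts, "credentials") is None and "guest" not in opts:
                findings.append((e["mount"], "no credentials file: mount -a will prompt or fail at boot"))
    return findings


if __name__ == "__main__":
    for mountpoint, problem in check_fstab(parse_fstab(FSTAB)):
        print(f"{mountpoint}: {problem}")
```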

MARIADB
MYSQL PORT NUMBER: 3306
MariaDB is a community-developed fork of the MySQL relational database
management system intended to remain free under the GNU GPL. It is
notable for being led by the original developers of MySQL, who forked it
due to concerns over its acquisition by Oracle. Contributors are required
to share their copyright with the MariaDB Foundation.
MariaDB intends to maintain high compatibility with MySQL, ensuring a
"drop-in" replacement capability with library binary equivalency and exact
matching with MySQL APIs and commands. It includes the XtraDB storage
engine as a replacement for InnoDB, as well as a new storage engine, Aria, that
intends to be both a transactional and non-transactional engine, perhaps
even included in future versions of MySQL.

MARIADB
SERVER:
# yum groupinstall mariadb* -y
# systemctl enable mariadb.service
# systemctl start mariadb.service
# mysql_secure_installation
Enter current password for root (enter for none):
---> PRESS ENTER HERE
Set root password? [Y/n]
---> PRESS "Y", PRESS ENTER AND GIVE THE NEW PASSWORD FOR ROOT.
Remove anonymous users? [Y/n]
---> PRESS "Y" AND PRESS ENTER
Disallow root login remotely? [Y/n]
---> PRESS "Y" AND PRESS ENTER
Remove test database and access to it? [Y/n]
---> PRESS "Y" AND PRESS ENTER
Reload privilege tables now? [Y/n]
---> PRESS "Y" AND PRESS ENTER

# mysql -u root -p
[ENTER THE NEW MARIADB ROOT PASSWORD]
MariaDB [(none)]> show databases;
> create database databasename;
> use databasename;
> create user username@localhost identified by 'password';      (only for a local user)
> create user username@'%' identified by 'password';            (global user, may connect from any host)
> select user,host from mysql.user;                              (checking users)
> grant all on databasename.tablename to 'username'@'localhost';
> grant select,create,insert,delete,update on *.* to 'username'@'%';
> flush privileges;
NOTE: *.* means all databases . all tables

> show grants for username@host;

> create table tablename (name varchar(30), number int(30), address char(30));
> insert into tablename values ('name', '123', 'street');
> update tablename set name='REDHAT' where name='redhat';
> alter table tablename add Email char(40);
> alter table tablename modify fieldname int(5) (or) char(5);
> alter table tablename change oldcolumn newcolumn int(5) (or) char(5) (or) varchar(5);
> alter table tablename rename to newtablename;
> alter table tablename drop fieldname;          ---> to delete the column
> drop table tablename;                          ---> to delete the table from the database
> drop database databasename;                    ---> to delete the database

> desc tablename;
> show tables;
> select * from tablename;
> select fieldname from tablename where fieldname='value';
> select * from tablename where fieldname='value';
> exit;
# mysqldump -u root -p databasename > /folder/mysql.dump     ---> to take a backup (dump) of the database
# mysql -u root -p databasename < /folder/mysql.dump         ---> to restore the dump into the database
# systemctl restart mariadb.service
# firewall-cmd --permanent --add-service=mysql
# firewall-cmd --reload
# mysql -h serverip -u username -p                           (log in to MariaDB remotely)

NOTE: If you want to stop access to your database through remote login:
# netstat -tulnp | grep mysql                                [CHECK THE NETWORK STATUS OF MARIADB]
# vim /etc/my.cnf
LINE NO:2 (under [mysqld])
skip-networking=1
# systemctl restart mariadb.service
# netstat -tulnp | grep mysql                                (port 3306 should no longer be listed)
# firewall-cmd --permanent --remove-service=mysql
# firewall-cmd --reload
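The two GRANT statements above are the interesting pair: the first gives ALL on one table to a local-only user, the second gives a global (*.*) set of privileges to a user who may connect from any host ('%'), which matters the moment the mysql service is opened in the firewall. The following added example (not code from these notes) parses GRANT statements of that shape and reports what makes each one broad; the statements are the ones from the notes.

```python
import re

GRANT_RE = re.compile(
    r"^\s*grant\s+(?P<privs>.+?)\s+on\s+(?P<scope>\S+)\s+to\s+"
    r"'?(?P<user>[^'@\s]+)'?@'?(?P<host>[^'\s;]+)'?",
    re.IGNORECASE,
)

# Privileges that are administrative rather than data access.
ADMIN_PRIVS = {"grant option", "file", "super", "process", "shutdown", "create user"}

# The statements from the MariaDB section of the notes.
STATEMENTS = [
    "grant all on databasename.tablename to 'username'@'localhost';",
    "grant select,create,insert,delete,update on *.* to 'username'@'%';",
]


def parse_grant(stmt):
    """Split a GRANT statement into privileges, scope (db, table), user and host."""
    m = GRANT_RE.match(stmt)
    if not m:
        raise ValueError(f"not a GRANT statement: {stmt!r}")
    privs = [p.strip().lower() for p in m.group("privs").split(",")]
    db, _, table = m.group("scope").partition(".")
    return {"privs": privs, "db": db, "table": table or "*",
            "user": m.group("user"), "host": m.group("host")}


def risk(grant):
    """Return the reasons a grant is broader than a per-application account needs."""
    reasons = []
    if grant["host"] == "%":
        reasons.append("reachable from any host")
    if grant["db"] == "*":
        reasons.append("global scope (*.*), includes mysql.user")
    elif grant["table"] == "*":
        reasons.append("whole-database scope")
    if "all" in grant["privs"] or "all privileges" in grant["privs"]:
        reasons.append("ALL privileges")
    admin = ADMIN_PRIVS & set(grant["privs"])
    if admin:
        reasons.append("administrative privilege(s): " + ", ".join(sorted(admin)))
    return reasons


def review(statements=STATEMENTS):
    """Map each statement to its list of reasons (empty list = least privilege)."""
    return {s: risk(parse_grant(s)) for s in statements}


if __name__ == "__main__":
    for stmt, reasons in review().items():
        print(stmt, "->", reasons or "ok")
```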

WEBSERVER
HTTP PORT NUMBER: 80
HYPERTEXT TRANSFER PROTOCOL
Web server:
A web server is an information technology that processes requests via
HTTP, the basic network protocol used to distribute information on the
World Wide Web. The term can refer either to the entire computer system,
an appliance, or specifically to the software that accepts and supervises the
HTTP requests.
Types of Web Servers:
There are 4 primary web servers:
Apache (provided by Apache)
IIS (provided by Microsoft)
nginx (provided by NGINX, Inc. and pronounced like "Engine X")
and GWS (provided by Google and short for Google Web Server)

SSL (OR) HTTPS PORT NUMBER: 443

Apache-SSL is a secure Web server, based on Apache and SSLeay/OpenSSL.
openssl req -new -x509 -sha1 -newkey rsa:1024 -nodes -keyout server.key -out server.crt -days 365
Let's have a look at the options in detail:
-x509 identifies that a certificate is required, rather than just a certificate
request (see below).
-days 365 sets the certificate to expire in a year. You may want to extend this
period. Make a note of the expiry date so that you can renew it when
necessary!
-sha1 specifies that SHA-1 should be used as the signature digest (a hash, not encryption).
-newkey rsa:1024 sets the key as 1024-bit RSA.
-nodes specifies no passphrase on the key.
-keyout and -out specify where to store the key and the certificate. The key should
be root-readable only; the certificate can be world-readable, and must be
readable by the user that Apache runs as.
NOTE: SHA-1 signatures and 1024-bit RSA keys are no longer accepted by current browsers and
TLS libraries; outside a lab use -sha256 and -newkey rsa:2048 (or larger).

Dynamic Content with CGI


A simple web server delivers static documents which are stored on the
server as files. The author has to change or update these documents
manually. As the Internet and also the demand for high-level multimedia
content grew, the need for dynamic web pages arose. Web-based applications
ranging from a personal address book to online banking applications or a big
portal that allows personalization can either be achieved by altering the
server's functionality, via server-side or client-side scripting. As this document
is focused on the Apache Web Server, client-side scripting like JavaScript will
not be covered.
The CGI (Common Gateway Interface) defines a way for a web server to
interact with external content-generating programs, which are often referred
to as CGI programs or CGI scripts. It is the simplest, and most common, way to
put dynamic content on your web site. This document will be an introduction
to setting up CGI on your Apache web server, and getting started writing CGI
programs.

WEBSERVER
DEFAULT:
# yum install httpd* -y
# systemctl enable httpd.service
# systemctl start httpd.service
# vim /etc/httpd/conf.d/default.conf
(OR)
# vim /etc/httpd/conf/httpd.conf     ---> go to the last line
<VirtualHost *:80>
    ServerAdmin root@172.25.X.11
    ServerName serverX.example.com
    DocumentRoot "/var/www/html/"
    DirectoryIndex index.html
</VirtualHost>

# vim /var/www/html/index.html       (CREATE ONE HTML FILE FOR CLASSROOM SETUP [OR] DOWNLOAD THE HTML FILE IN EXAM)
# systemctl restart httpd.service
# httpd -t
# curl http://serverX.example.com
# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload
# firefox &
---> check through Firefox: http://serverX.example.com

SECURE (SSL) HTTPS:
# yum install mod_ssl -y
# vim /etc/httpd/conf.d/default.conf
<VirtualHost *:443>
    ServerAdmin root@172.25.X.11
    ServerName serverX.example.com
    DocumentRoot "/var/www/html/"
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/serverX.crt
    SSLCertificateKeyFile /etc/pki/tls/private/serverX.key
    SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
(OR)

# vim /etc/httpd/conf.d/ssl.conf
LINE NO:59
DocumentRoot "/var/www/html"
LINE NO:60
ServerName serverX.example.com:443
LINE NO:93 (UNCOMMENT THE LINE)
SSLHonorCipherOrder on
LINE NO:100
SSLCertificateFile /etc/pki/tls/certs/serverX.crt
LINE NO:107
SSLCertificateKeyFile /etc/pki/tls/private/serverX.key
LINE NO:116 (UNCOMMENT THE LINE)
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt

# wget -O /etc/pki/tls/certs/serverX.crt http://(PASTE THE LINK OF serverX.crt)
# wget -O /etc/pki/tls/certs/example-ca.crt http://(PASTE THE LINK OF example-ca.crt)
# wget -O /etc/pki/tls/private/serverX.key http://(PASTE THE LINK OF serverX.key)
# chmod 600 /etc/pki/tls/private/serverX.key     (the private key must be readable by root only)
# systemctl restart httpd.service
# httpd -t
# curl -k https://serverX.example.com
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload
# firefox &
---> check through Firefox: https://serverX.example.com

WEBPAGE CONTENT MODIFICATION:

# vim /etc/httpd/conf.d/default.conf
<Directory "/var/www/html/owndir">
    Order deny,allow
    Deny from all
    Allow from serverX.example.com
</Directory>
If you need it, add this in the VirtualHost part as well (httpd 2.4 syntax, same effect):
<Directory "/var/www/html/owndir">
    Require host serverX.example.com
</Directory>

# mkdir /var/www/html/owndir
# vim /var/www/html/owndir/index.html     (CREATE ONE HTML FILE FOR CLASSROOM SETUP [OR] DOWNLOAD THE HTML FILE IN EXAM)
# systemctl restart httpd.service
# httpd -t
# curl http://serverX.example.com/owndir
# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload
---> check through Firefox: http://serverX.example.com/owndir

VIRTUALHOST:
# vim /etc/httpd/conf.d/default.conf
<VirtualHost *:80>
    ServerAdmin root@172.25.X.11
    ServerName wwwX.example.com
    DocumentRoot "/var/www/vhost/"
    DirectoryIndex index.html
    <Directory "/var/www/vhost/">
        Require all granted
    </Directory>
</VirtualHost>

# mkdir -p /var/www/vhost
# vim /var/www/vhost/index.html     (CREATE ONE HTML FILE FOR CLASSROOM SETUP [OR] DOWNLOAD THE HTML FILE IN EXAM)
# systemctl restart httpd.service
# httpd -t
# curl http://wwwX.example.com
# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload
# firefox &
---> check through Firefox: http://wwwX.example.com/
NOTE: If you are going to change the content directory (SELinux context):
# chcon -R -t httpd_sys_content_t /DIRECTORY/PATH
[OR]
# semanage fcontext -a -t httpd_sys_content_t "/DIRECTORY/PATH(/.*)?"
# restorecon -vvFR /DIRECTORY/PATH

DYNAMIC:
# yum install mod_wsgi* -y
# vim /etc/httpd/conf.d/default.conf
Listen 8961                         (THE RANGE IS 80-8999 EXCEPT 80 AND 8080)
<VirtualHost *:8961>
    ServerAdmin root@172.25.X.11
    ServerName wsgiX.example.com
    DocumentRoot "/var/www/dynamic/"
    WSGIScriptAlias / /var/www/dynamic/webapp.wsgi
    <Directory "/var/www/dynamic/">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# mkdir -p /var/www/dynamic
# lab webapp setup                  (THIS IS ONLY FOR CLASSROOM SETUP)
# cp -p /home/student/webapp.wsgi /var/www/dynamic/
[OR]
# wget -O /var/www/dynamic/webapp.wsgi http://(PATH)
# semanage port -a -t http_port_t -p tcp 8961     (THE RANGE SHOULD BE 80-8999 EXCEPT 80 AND 8080)
# systemctl restart httpd.service
# curl http://wsgiX.example.com:8961
# firewall-cmd --permanent --add-port=8961/tcp
# firewall-cmd --reload
# firefox &
---> check through Firefox: http://wsgiX.example.com:8961

NOTE: If you are going to change the content directory (SELinux context):
# chcon -R -t httpd_sys_content_t /DIRECTORY/PATH
[OR]
# semanage fcontext -a -t httpd_sys_content_t "/DIRECTORY/PATH(/.*)?"
If you are going to change the content directory for CGI:
# chcon -R -t httpd_sys_script_exec_t /DIRECTORY/PATH
[OR]
# semanage fcontext -a -t httpd_sys_script_exec_t "/DIRECTORY/PATH(/.*)?"
# restorecon -vvFR /DIRECTORY/PATH