Professional Documents
Culture Documents
1. Configure SELINUX
Solutions:
vim /etc/selinux/config
SELINUX=enforcing
:wq
reboot
Users can visit your two virtual machine systems via clients of domain group3.example.com through
SSH remote
Solution 1:
Solution 2:
Add a firewall
firewall-cmd reload
Create a custom command on system1 and system2 named as qstat, this custom command will
/bin/ps - Ao pid,tt,user,fname,rsz
Solutions:
:wq
source /etc/bashrc
qstat // execute
Both have to do
1. Systems in the network 172.24.11.0/24, local port 5423 will be ported to 80 when visiting system1
Solutions:
required:
Solutions:
nmcli connection add con-name team0 type team ifname team0 config
'{"runner: {"name":"activebackup"}}'
nmcli connection add type team-slave con-name team0-p1 ifname eth1 master
team0
nmcli connection add type team-slave con-name team0-p2 ifname eth2 master
team0
Configure interface eth0 on your test system, using the following IPV6 addresses:
3. Both the two systems must can communicate with systems in network 2003:acl8/64
5. Both the two systems must keep the current IPV4 address and can communicate
Solutions:
ping6 2003:ac18::30a
7. Configure the local mail service
4. You can send mail to local user author to test your configuration system
rhgls.domain11.example.com
5. Have already configured to transfer this users mails to the following URL
rhgls.domain11.example.com/received_mail/11
Solutions:
postconf -e local_transport=err:XX
vim /etc/postfix/main.cf
relayhost=[rhgls.domain11.exmaple.com]
User andy must be able to read the content of the share, if necessary, verification code is redhat
Solutions:
system1:
vim /etc/samba/smb.conf
workgroup = STAFF
[common]
path = /common
browseable = yes
:wq
mkdir /common
system2:
5. User akira must can be able to access this share through read and write, access code is redhat
6. This share permanently mount to system2. domain11.example.com the user /mnt/dev, make
user silene as authentication any users can get temporary write permissions from akira
Solutions:
system1:
mkdir /devops
vim /etc/samba/smb.conf
[devops]
path = /devops
browseable = yes
writable = no
smbpasswd -a silene
smbpasswd -a akira
system2:
mkdir /mnt/dev
vim /etc/fstab
defaults,multiuser,username=silene,password=redhat,sec=ntlmssp 0 0
df hT
Test:
Switch to user akira on the system2, access to /mnt/dev and view files
su akira cd
/mnt/dev ls
touch 1
1. Share the directory /public in read only way, just can be accessed by systems in
2. Share the directory /protected in rad and write way, Kerberos security encryption required, you
URL: http://host.domain11.example.com/materials/nfs_server.keytab
3. Directory /protected should contain the sub directory named project and deepak;
Solutions:
system1:
vim /etc/exports
/protected 172.24.11.0/24(rw,sync,sec=krb5p)
/public 172.24.11.0/24(ro,sync)
wget -O /etc/krb5.keytab
http://host.domain11.example.com/materials/nfs_server.keytab
vim /etc/sysconfig/nfs
:wq
exportfs ra
showmount e
firewall-cmd --add-service=mountdpermanent
mkdir -p /protected/project
ll /protected/
2. Mount the /protected to the directory /mnt/nfssecure, in a security way, key download URL:
http://host.domain11.example.com/materials/nfs_client.keytab
Solutions:
system2:
showmount -e system1
mkdir -p /mnt/nfsmount
vim /etc/fstab
mount a
df h
mkdir /mnt/nfssecure
wget -O
/etc/krb5.keytab
http://host.domain11.example.com/materials/nfs_client.keytab
vim /etc/fstab
:wq
mount a
12. Implement a web server
Exam Environment:
Take examinations on a real system with a pre-installed virtual machine. All exams must be
completed in the virtual machine. Network must be well configured. If the network cannot be
accessed, you will not pass the exam. In the iptables configuration, if you need to refuse the access,
please use Reject. (The default is set as ACCEPT.)
Note:
1. All the software package is stored at http://ip/dir/cdom.
2. You can use the real machine to verify whether the examination experiment is correctly
completed in the virtual machine.
3. The network environment:
Host name: station.domainX0.example.com
IP Address: 172.24.X0.5/24 (If your machine is No.1, X0 is 10.)
Gateway: 172.24.10.254
4. You can use a real machine to verify the configuration of the virtual machine is properly completed:
(different exam not the same Network domain, please look the situation)
dn10.ws.com domain is 172.28.10.0/24 network.
tk.com domain is 172.18.0.0/16 network.
Generally, the network is required to be rejected in exam.
Complete the task before the exam:
1. Reset root password
(1) Press any key to enter the menu within 5 seconds.
(5) Press the "Enter" key, return to the start menu. Now press the letter "b" key to boot the system.
Answers:
(1) Configure Host Name.
# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=dtop5.dn.ws.com
GATEWAY=172.28.10.1
(2) Configure IP Address, Gateway and DNS.
Configure the network by Network Manager:
Note: Please remember to choose two options:
* Connect automatically
* Available to all users
Click "Apply", save and exit, and restart your network services:
# Service network restart
(3) Validate these profiles:
a) Check gateway: # vim / etc / sysconfig / network
The next day, preparation of RHCE. Attention, in the exam, Internet and system environment have
been done in advance so you just need to operate directly. Remember the following several points:
(1) Remembering just operate on Virtual machine, dont do anything on physical machine.
(2) Remembering your fire wall MUST BE emptied or bear your own consequences.
(3) Remembering to start using all the services. (chkconfig)
Question 1
In accordance with the following requirements to deploy ssh login service:
(1) harry belongs to example.com which can remote login your systems.
(2) However, users of remote.test cannot use ssh login to your machine.
Answer:
[root@server1 ~]# grep sshd /etc/hosts.allow
sshd:.example.com
[root@server1 ~]# grep sshd /etc/hosts.deny
sshd:.remote.test
Notice:
tcp_wrappers has two configuration files and their priority level is
/etc/hosts.allow->/etc/hosts.deny
Question 2
Via nfs service share the /common directory in your system, just doing ONE share in example.com
domain.
Answer:
[root@server1 ~]# grep common /etc/exports
/common *.example.com(ro,sync)
Question 3
According to the following requirements, deploying your ftp login rule:
(1) Users in example.com domain must be able to login to your ftp server as an anonymous user.
(2) But users outside the example.com domain are unable to login to your server.
Answer:
[root@server1 ~]# grep vsftpd /etc/hosts.deny
vsftpd:.example.com
[root@server1 ~]# grep vsftpd /etc/hosts.deny
vsftpd:ALL
/etc/vsftpd/vsftpd.conf:
anonymous_enable=YES
Question 4
Deploying your exam system: linking to the iscsi target in the instructor.example.com and
distinguish it well, then formatted as ext3 file system. You must can be able to mout the file system
of the iscsi target to the /mnt/iscsi directory in your own system and make this file system can
automatically mount (permanently mount) after system restart.
Answer:
[root@server1 ~]# iscsiadm --mode discoverydb --type sendtargets --
portal
instructor.example.com --discover
192.168.0.254:3260,1 iqn.2010-09.com.example:rdisks.server1
[root@server1 ~]# iscsiadm --mode node -targetname
iqn.2010-09.com.example:rdisks.server1
--portal instructor.example.com --login
Logging in to [iface: default, target:
iqn.2010-09.com.example:rdisks.server1, portal:
192.168.0.254,3260] (multiple)
Login to [iface: default, target:
iqn.2010-09.com.example:rdisks.server1, portal:
192.168.0.254,3260] successful.
Notice:
This part also need to be formatted and modify /etc/fstab mount
Question 5
In accordance with the following requirements, sharing /common directory through smb
service.
-- your sub service must be in the SAMBA working-set
-- the shared name of common is common
-- the common share just can be shared by the customers in the example.com domain
-- the common must can be available for browsing
-- mary must can login to the smb share and for read operation, password is the secret code if it
need to be verified
Answer:
[root@server1 iscsi]# grep -v "^\s*#" /etc/samba/smb.conf | grep -v
"^\s*;" | grep -v "^\s*$"
[global]
workgroup = SAMBA
server string = Samba Server Version %v
hosts allow = 127. 192.168.0.
security = user
passdb backend = tdbsam
[common]
comment = Public Stuff
path = /common
public = no
browseable = yes
printable = no
read only = mary
Add SMB Mary users
smbpasswd -a mary
Modify the security context of /common directory
chcon -R -t samba_share_t /common
Question 6
Arrange a web service address is: http://serverX.example.com, X is the number of your exam
machine. Deploy it in accordance with the following requirements:
-- Download ftp//instructor.example.com/pub/rhce/server.html
-- Cannot do any modification to file documwent server.html
-- Rename file document server.html as index.html
-- Copy the file document server.html to DocumentRoot
Answer:
[root@server1 common]# cd /var/www/html/
[root@server1 html]# lftp instructor.example.com
lftp instructor.example.com:~> cd pub/rhce
cd ok, cwd=/pub/rhce
lftp instructor.example.com:/pub/rhce> get server.html
20 bytes transferred
[root@server1 html]# mv server.html index.html
[root@server1 html]# restorecon -Rv /var/www/html/
[root@server1 html]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@server1 html]# chkconfig httpd on
Question 7
Expand your web service including a virtual hosting, address ishttp://wwwX.example.com, X is
the number of your exam machine. However, requiring you do as the following:
-- Set up the DocumentRoot of this virtual hosting as /var/http/virtual
-- Download ftp//instructor.example.com/pub/rhce/www.html
-- Rename www.html file document as index.html
-- Move this file document to this virtual hostings DocumentRoot
-- Don't do any changes to this document
-- Making sure that harry users are able to create project in /var/http/virtual
Attention: Original web address is http://serverX.example.com must also can be browsed.
The DNS of the Server instructor.example.com has already been analyzed as the domain
wwwX.example.com.
Answer:
[root@server1 html]# mkdir -p /var/http/virtual
[root@server1 html]# cd /var/http/virtual/
[root@server1 virtual]# lftp instructor.example.com
lftp instructor.example.com:~> cd pub/rhce
lftp instructor.example.com:/pub/rhce> get www.html
17 bytes transferred
lftp instructor.example.com:/pub/rhce> quit
[root@server1 virtual]# mv www.html index.html
[root@server1 virtual]# useradd harry
[root@server1 virtual]# chgrp harry .
[root@server1 virtual]# chmod 775.
Edit /etc/httpd/conf/httpd.conf, add the follow content:
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /var/http/virtual
ServerName www1.example.com
<Directory /var/http/virtual/limited>
Options Indexes MultiViews FollowSymlinks
order deny,allow
deny from all
allow from 192.168.0.
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/html/
ServerName server1.example.com
Part 2
Question 14
Please set the SElinux status as enforcing.
Answer:
# getenforce 1
# vim /etc/sysconfig/selinux
SELINUX=enforcing
Question 15
Please open the ip_forward, and take effect permanently.
Answer:
# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
# sysctl -w (takes effect immediately)
If no sysctl.conf option, use these commands:
# sysctl -a |grep net.ipv4
# sysctl -P net.ipv4.ip_forward = 1
# sysctl -w
Question 16
Configure ssh to allow user harry to access, reject the domain t3gg.com (172.25.0.0/16) to access.
Answer:
# yum install -y sshd
# chkconfig sshd on
# vim /etc/hosts.deny
sshd: 172.25.0.0/16
# service sshd restart
Use iptables:
# chkconfig iptables on
# iptables -F
# iptables -X
# iptables -Z
# iptables -nvL
# iptables -A INPUT -s 172.25.0.0/16 -p tcp --dport 22 -j REJECT
# services iptables save
# iptables -nvL
# cat /etc/services (check port)
Question 17
Configure the ftp to allow anonymously download the directory /var/ftp/pub, and reject the domain
t3gg.com to access.
Answer:
# yum install -y vsftpd
# chkconfig vsftpd on
# services vsftpd start
# vim /etc/hosts.deny
vsftpd: 172.25.0.0/16
OR
# iptables -A INPUT -s 172.25.0.0/16 -p tcp -dport 20:21 -j REJECT
# services iptables save
Question 18
Shutdown the /root/cdrom.iso under /opt/data, and set as boot automatically mount.
Answer:
# cd /opt/
# mkdir data
# mount -t iso9660 -o loop /root/cdrom.iso /opt/data
# vim /etc/fstab/root/cdrom.iso /opt/data iso9660 defaults,loop 0 0
# mount -a
# mount
Question 19
Configure the web server, which can be accessed by:
http://st ation. dom ain30. exa m ple.com .
Answer:
# yum install -y httpd
# chkconfig httpd on
# cd /etc/httpd/conf/
# vim httpd.conf
NameVirtualHost 172.24.30.5:80
<VirtualHost 172.24.30.5:80>
DocumentRoot /var/www/html/
ServerName tation.domain30.example.com
</VirtualHost>
# service httpd restart
Question 20
Configure the web server, and implement the virtual host. http://www.domain30.example.com can
access the pages under the directory: http ://ip/ dir/ exam ple.htm l. And make sure,
http://station.domain30.example.com can also access the previous content.
Answer:
# mkdir -p /www/virtual
# cd /www/virtual
# wget http://ip/dir/example.com
# cp example.com index.html
# se manage fcontext -a -t httpd_sys_content_t /www/.*)?
restorecon -vRF /www
# vim /etc/httpd/conf/httpd.conf (Add new VirtualHost)
<VirtualHost 172.24.30.5:80>
DocumentRoot /www/virtual/
ServerName www.domain30.example.com
</VirtualHost>
# chcon -R --reference=/var/www/html/ /www/
# service httpd restart
OR
Use elinks to test.
# mkdir -p /www/virtual
# cd /www/virtual
# wget http://ip/dir/example.html
# mv example.html index.html
# chcon -R --reference=/var/www/html/ /www/
# ls -ldZ /www/virtual
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /var/www/html/
ServerName station.domain30.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /www/virtual/
ServerName www.domain30.example.com
</VirtualHost>
# service httpd restart
Question 21
Download file from http://ip/dir/restircted.html, and the local user harry can access it by
http://station.domain30.example.com/restircted.html, and cannot be accessed by t3gg.com.
Answer:
# cd /var/www/html
# wget http://ip/dir/restircted.htm
# iptables -A INPUT -s 172.25.0.0/16 -p tcp -dport 80 -j REJECT
# service iptables save
OR
# yum install httpd
# service httpd restart
# chkconfig httpd on
# cd /var/www/html
# wget http://ip/dir/restricted.html
# iptables -A INPUT 172.25.0.0/16 -p tcp --dport 80 -j REJECT
# service iptables save
# service iptables restart
# elinks http://station.domain30.example.com/restricted.html
Part 3
Question 30
There are two different networks 192.168.0.0/24 and 192.168.1.0/24. Where 192.168.0.254 and
192.168.1.254 IP Address are assigned on Server. Verify your network settings by pinging
192.168.1.0/24 Network's Host.
Answer:
1. vi /etc/sysconfing/network
NETWORKING=yes
HOSTNAME=station?.example.com
GATEWAY=192.168.0.254
2. service network restart
Or
1. vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=X.X.X.X
NETMASK=X.X.X.X
GATEWAY=192.168.0.254
2. ifdown eth0
3. ifup eth0
Question 31
One Logical Volume is created named as myvol under vo volume group and is mounted. The Initial
Size of that Logical Volume is 400MB. Make successfully that the size of Logical Volume 200MB
without losing any data. The size of logical volume 200MB to 210MB will be acceptable.
Answer:
1. First check the size of Logical Volume: lvdisplay /dev/vo/myvol
2. Make sure that the filesystem is in a consistent state before reducing:
# fsck -f /dev/vo/myvol
3. Now reduce the filesystem by 200MB.
# resize2fs /dev/vo/myvol 200M
4. It is now possible to reduce the logical volume.
#lvreduce /dev/vo/myvol -L 200M
4. Verify the Size of Logical Volume: lvdisplay /dev/vo/myvol
5. Verify that the size comes in online or not: df h
Question 32
You are giving RHCE exam. Examiner gave you the Boot related problem and told to you that make
successfully boot the System. When you started the system, System automatically asking the root
password for maintenance. How will you fix that problem?
Answer:
Maintenance mode also known as emergency mode. System boots on emergency mode when file
system error occurred. It is due to unknown partition, bad filesystem specified in /etc/fstab. To solve
follow the steps:
1. Give the Root password
2. fdisk -l Verify the Number of parathions
3. Identify the Root partition, e2label /dev/hda1, e2label /dev/hda2
4. Remount the root partition on rw mode: mount -o remount,defaults
/dev/hda6/
5. vi /etc/fstab
Correct all partitions, mount point, mount options, file system etc.
6. Press Ctrl+d
Question 33
You are working as an Administrator. There is a common data shared (/data) from 192.168.0.254
to all users in your local LAN. When user's system start, shared data should automatically mount
on /common directory.
Answer:
To automatically mount at boot time, we use the /etc/fstab file. Because /etc/rc.d/rc.sysinit file reads
and mount all file system specified in /etc/fstab. To mount Network Sharing Files also use the
/etc/fstab but filesystem is nfs.
1. vi /etc/fstab
192.168.0.254:/data / common nfs defaults 0 0
2. reboot the system
Question 34
Create the group named sysusers.
Answer:
1. groupadd sysusers
groupadd command is used to create the group and all group information is stored in /etc/group file.
Question 35
Create the user named jeff, marion, harold
Answer:
1. useradd jeff
2. useradd marion
3. useradd harold
useradd command is used to create the user.
All user's information stores in /etc/passwd and users shadow password stores in /etc/shadow.
Question 36
Make Secondary belongs the jeff and marion users on sysusers group. But harold user should not
belongs to sysusers group.
Answer:
1. usermod -G sysusers jeff
2. usermod -G sysuser marion
3. Verify by reading /etc/group file
Using usermod command we can make user belongs to different group. There are two types of
group one primary and another is secondary. Primary group can be only one but user can belongs
to more than one group as secondary.
usermod -g groupname username to change the primary group of the user
usermod -G groupname username to make user belongs to secondary group.
Question 37
Create the directory /storage and group owner should be the sysusers group.
Answer:
1. chgrp sysusers /storage
2. Verify using ls -ld /storage command
You should get like drwxr-x--- 2 root sysusers 4096 Mar 16 17:59 /storage chgrp command is used
to change the group ownership of particular files or directory.
Another way you can use the chown command.
chown root:sysusers /storage
Question 38
Make on /storage directory that only the user owner and group owner member can fully access.
Answer:
1. chmod 770 /storage
2. Verify using: ls -ld /storage
Preview should be like:
drwxrwx- 2 root sysusers 4096 Mar 16 18:08 /storage
To change the permission on directory we use the chmod command. According to the question that
only the owner user (root) and group member (sysusers) can fully access the directory so: chmod
770 /archive
RHCE Test Configuration Instructions
Information for the two systems you will use in test is the following:
system1.group3.example.com: is one of the main sever.
system2.group3.example.com: mainly used as a client.
Password for both of the two systems is atenorth
Systems IP is provided by DHCP, you can regard it as normal, or you can reset to Static IP in
accordance with the following requirements:
system1.group3.example.com: 172.24.3.5
system2.group3.example.com: 172.24.3.10
The subnet mask is 255.255.255.0
Your system is a member of DNS domain group3.example.com. All systems in DNS domain
group3.example.com are all in subnet 172.24.3.0/255.255.255.0, the same all systems in this
subnet are also in group3.example.com, unless specialized, all network services required to be
configured can be accessed by systems of domain group3.
host.group3.example.com provides a centralized authentication service domain
GROUP3.EXAMPLE.COM, both system1 and system2 have already been pre-configured to be the
client for this domain, this domain provides the following user account:
krishna (password: atenorth)
sergio (password: atenorth)
Answer:
getenforce // View the current SELINUX mode
setenforce 1 // Sets the SElinux temporarily to enforcing mode
vim /etc/selinux/config
SELINUX=enforcing
:wq
getenforce
enforcing
Answer:
Modify /etc/hosts.allow file
Add sshd: 172.24.11.
Modify /etc/hosts.deny file
Add sshd: 172.25.0.
// You need to configure that on both two virtual machine systems
Or
Add the firewall policy
firewall-cmd zone=block --add-source=172.25.11.0/24 --permanent
firewall-cmd reload
// You need to configure that on both two virtual machine systems
3. Customize the User Environment
Create a custom on system1 and system2 named qstat and this custom command will execute the
following command:
/bin/ps Ao pid,tt,user,fname,rsz
This command is valid for all users in systems.
Answer:
vim /etc/bashrc // Restart remain valid
alias qstat=/bin/ps Ao pid,tt,user,fname,rsz
:wq
source /etc/bashrc
alias // Check if there is qstat
qstat
// You need to configure that on both two systems
Answer:
Using graphical interface configuration
In the CLI use firewall config - open graphical
interface Set configuration as permanent
Add a strategy to the public area of the Port
Forwarding
Answer:
If you don't remember how to write the name you can view the example in /var/share/doc/team -
1.9 / example_configs/
nmcli connection add con-name team0 type team ifname team0 config
'{"runner":{"name":"activebackup"}}'
nmcli con modify team0 ipv4.addresses '172.16.11.25/24'
nmcli connection modify team0 ipv4.method manual
nmcli connection add type team-slave con-name team0-p1 ifname eth1 master
team0
nmcli connection add type team-slave con-name team0-p2 ifname eth2 master
team0
nmcli connection up team0
nmcli con up team0-p1
nmcli con up team0-p2
Answer:
nmcli con mod eth0 ipv6.addresses 2003:ac18::305/64
nmcli con mod eth0 ipv6.method manual
systemctl restart network
nmcli con mod eth0 ipv6.addresses 2003:ac18::30a/64
nmcli con mod eth0 ipv6.method manual
systemctl restart network
ping6 2003:ac18::30a
7. Configure Local Mail Service
Configure mail service on system1 and system2, meet the following requirements:
(1) These services do not receive external sending mails
(2) Any mails transmitted by local will be automatically routed to rhgls.domain11.example.com
(3) Mails sent from these systems display from rhgls.domain11.example.com
(4) You can test you configuration by sending mails to local user arthur, system
rhgls.domain11.example.com
(6) You have already configured this users mail to the following URL
rhgls.domain11.example.com/received_mail/11
Answer:
postconf -e local_transport=err:XX
vim /etc/postfix/main.cf
relayhost=[rhgls.domain11.exmaple.com]
postconf -e myorigin=domain11.example.com
systemctl restart postfix
echo aaa | mail -S hello dave
Open in a browser rhgls.domain11.example.com/received_mail/11
8. Configure SMB Shared Folder
Configure the SMB service on system1
Your SMB server must be a member of the STAFF Working Group
Share the folder /common and the name must be common
Only clients of domain11.example.com can access the shared common
common must can be read
User andy must can read the content of the shared, if necessary, verification password is redhat
Answer:
system1:
yum -y install samba samba-client
firewall-cmd --add-service=samba --permanent
firewall-cmd --add-service=mountd permanent
systemctl restart firewalld
vim /etc/samba/smb.conf
workgroup = STAFF
[common]
path = /common
hosts allow = 172.24.11.
browseable = yes
:wq
mkdir /common
chcon R t samba_share_t /common/
smbpasswd -a andy
systemctl start smb
systemctl enable samba
system2:
yum install y cifs-utils samba-client
9. Configure Multi-User SMB Mounts
Share directory /devops via SMB and meet the following requirements:
(1) The share name is devops
(2) The shared directory devops can only be used by clients in domain domain11.example.com
(3) The shared directory must can be browsed
(4) User kenji must be able to access this share through reading, accessing password is redhat
(5) User chihiro must be able to access this share through reading and writing, accessing password
is redhat
This share permeant mount to directory /mnt/dev in system2.domain11.example.com, and let user
silene as an authentication that any users can obtain temporary permission to write through user
akira
Answer:
system1:
mkdir /devops
chcon -R -t samba_share_t /devops/
chmod o+w /devops/
vim /etc/samba/smb.conf
[devops]
path = /devops
hosts allow = 172.24.11.
browseable = yes
writable = no
write list = akira
:wq
systemctl restart smb
smbpasswd -a silene
smbpasswd -a akira
system2:
mkdir /mnt/dev
smbclient -L /system1/ -U silene
vim /etc/fstab
//system1/devops /mnt/dev cifs
defaults,multiuser,username=silene,password=redhat,sec=ntlmssp 0 0
df hT
Testing:
Switch to user akira on system2, enter /mnt/dev and view the file
su akira
cd /mnt/dev
ls
cifscreds add system1
touch 1
10. Configure NFS Service
Configure NFS service on system1, requirements are as follows:
(1) Share the directory /public in read access and only can be accessed by systems in domain
domain11.example.com
(2) Share the directory /protected in read-write access and can be accessed by systems in
domain11.example.com
(3) Access /protected through secure encryption from kerberos, you can use the key from the
following URL http://host.domain11.example.com/materials/nfs_server.keytab
(4) The directory /protected should contain a subdirectory named project and owner is deepak
(5) User deepak can read-write access /protected/project
Answer:
system1:
vim /etc/exports
/protected 172.24.11.0/24(rw,sync,sec=krb5p)
/public 172.24.11.0/24(ro,sync)
wget -O /etc/krb5.keytab
http://host.domain11.example.com/materials/nfs_server.keytab
vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2 "
:wq
systemctl restart nfs
systemctl start nfs-secure-server
systemctl enable nfs-secure-server
exportfs ra
showmount e
firewall-cmd --add-service=nfs permanent
firewall-cmd --add-service=rpc-bind permanent
firewall-cmd --add-service=mountdpermanent
systemc tl restart fiewalld
mkdir -p /protected/project
chown deepak /protected/project/
ll /protected/
chcon -R -t public_content_t /protected/project/
11. Mount an NFS Share
Mount an NFS share system1.domain11.example.comon system2, and meet the following
requirements:
(1) Mount /public to the directory /mnt/nfsmount
(2) Mount /protected to the directory /mnt/nfssecure and use a safe mode. Key can download from
the following URL: http://host.domain11.example.com/materials/nfs_client.keytab
(3) User deepak can creat files in /mnt/nfssecure/project
(4) These file systems mount automatically when system start
Answer:
system2:
showmount -e system1
mkdir -p /mnt/nfsmount
vim /etc/fstab
system1:/public /mnt/nfsmount nfs defaults 0 0
mount a
df h
mkdir /mnt/nfssecure
wget -O /etc/krb5.keytab
http://host.domain11.example.com/materials/nfs_client.keytab
vim /etc/fstab
system1:
/protected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0
:wq
mount a
12. Configure a Web Service
Configure a web on system1: http://systeml.domain11.example.com/ then implement the following
steps:
(1) Download file from http://rhgls.domain11.example.com/materials/station.html and rename this
file as index.html, dont modify the file contents
(2) Copy the file index.html to your web server's DocumentRoot directory
(3) Clients from domain group3.example.com can access to this web service
(4) Clients from domain my133t.org deny access to this web service
Answer:
yum groupinstall web\* -y
systemctl start httpd
systemctl enable httpd
vim /etc/httpd/conf/httpd.conf
/ServerName
ServerName server1.domain11.example.com:80
systemctl restart httpd
wget -O index.html
http://rhgls.domain11.example.com/materials/station.html
firewall-config
systemctl restart firewalld
Answer:
<virtualhost *:80>
documentroot /var/www/html
servername system1.domain11.example.com
</virtualhost>
<virtualhost *:443>
documentroot /var/www/html
servername system1.domain11.example.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server1.crt
SSLCertificateKeyFile /etc/pki/tls/private/server1.key
SSLCertificateChainFile /etc/pki/tls/certs/domain11.crt
<virtualhost>
systemctl restart httpd
firewall-cmd --add-service=https permanent
systemctl restart firewalld
Answer:
mkdir p /var/www/ virtual
cd /var/www/ virtual
wget O index.html http://rhgls.domain11.example.com/materials/www.html
vim /etc/httpd/conf/httpd.conf
<virtualhost *:80>
documentroot /var/www/virtual
servername www.domain11.example.com
</virtualhost>
setfacl -m u:andy:rwx /var/www/virtual
su andy
touch /var/www/virtual/11.html
15. Configure the Access to the Web Content
Create a directory named private under the directory DocumentRoot in the web server of system1,
requirements are the following:
(1) Download a copy of a file to this directory from
http://rhgls.domain11.example.com/materials/private.html and rename as index.htm
(2) Dont do any modifications to this file content
(3) Anyone can browse the content of private in system1, but cannot access this directory through
other systems
Answer:
mkdir /var/www/virtual/private
mkdir /var/www/html/private
cd /var/www/virtual/private
wget -O index.html
http://rhgls.domain11.example.com/materials/private.html
cd /var/www/html/private
wget -O index.html
http://rhgls.domain11.example.com/materials/private.html
<Directory "/var/www/html/private">
AllowOverride none
Require all denied
Require local
</Directory>
<Directory "/var/www/virtual/private">
AllowOverride none
Require local
Require all denied
</Directory>
16. Realize Dynamic Web Content