
Phase A

For the first phase, we have performed a simple installation and have created eight problems for you to solve. We express these problems in terms of end states. The conditions below will not exist on your system at the beginning. Your task in Phase A is to fix or modify the Red Hat Enterprise Linux installation on your system so that these conditions do exist:

Compulsory 1: (T01) The examiner can log into your system as root using the password "redhat". The home directory must be /root.

    Interrupt the normal system startup and enter GRUB. Press "e" to edit the kernel line, add a space followed by the single-user mode option, then press "b" to boot into single-user mode.
    # setenforce 0    // turns SELinux off, if it is already enforcing
    # passwd          // enter the root account password; using "redhat" is recommended. Change it back to the required password before the end of the exam.

Compulsory 2: (T02) ping 192.168.0.254 is successful, and your system uses static networking as described in /root/network.txt.

Compulsory 3: (T03) ping instructor.example.com successfully resolves that hostname using DNS (compulsory).

    cat the network file           // view the exam network settings
    system-config-network          // configure the eth0 parameters and the DNS
    hostname serverX
    vim /etc/sysconfig/network     // check: NETWORKING=yes
    vim /etc/sysconfig/network-scripts/ifcfg-eth0    // modify: ONBOOT=yes
    /etc/init.d/NetworkManager stop

    Tests required: log out and log in again for the local host name to take effect; ping the .254 server; run "host instructor" and "host instructor.example.com" to check DNS resolution.

Pay attention: you must successfully fix T02 and T03 before you can complete your RHCE exam. If you complete all of them successfully, please visit the following website to continue your RHCE exam: http://instructor.example.com/examine/exrhce

The distribution your system is installed from is available via:

    NFS  instructor.example.com:/var/ftp/pub/rhel6/dvd
    YUM  http://instructor.example.com/pub/rhel6/dvd

The RHCT (Local) Requirements

Install the dialog RPM package.

    vim /etc/yum.repos.d/*.repo
        [yum]
        name=yum
        baseurl=http://instructor.example.com/pub/rhel6/dvd
        gpgcheck=0
    yum -y install dialog          // tests the yum source

SELinux must be running in Enforcing mode.

    vim /etc/selinux/config        // change SELINUX= from permissive to enforcing
    reboot                         // a restart is needed here for it to take effect!!!

The firewall needs to be enabled.

    iptables -vnL
    service iptables save
    chkconfig iptables on

Mount /root/examine.iso on the /mnt/iso folder, automatically usable at system boot time.

    mkdir /mnt/iso
    vim /etc/fstab                 // add the entry:
        /root/examine.iso  /mnt/iso  iso9660  defaults,loop  0 0
    // the file type can be checked with: file + file name
    mount -a                       // mounts the loop file

Some users' home directory is shared from your system. Using the showmount -e localhost command, the shared directory is not shown. Make the shared users' home directory accessible.

    showmount -e localhost         // reports an error
    yum -y install nfs*
    service nfs restart
    chkconfig nfs on
    showmount -e localhost         // the shared directory is now visible

Find the files owned by lucy, and copy them to /tmp/findfiles.

    mkdir /tmp/findfiles
    find / -user lucy -exec cp -a {} /tmp/findfiles/ \;

    Comment [LU1]: cp -a keeps the original file's owner and group attributes unchanged.
    Comment [LU2]: "\" is the escape character for the terminator ";".

On your system a logical volume named common has been created under the vol0 volume group and is mounted on /common. The initial size of that volume is 124MB. Make the size of the logical volume 190MB without losing any data. A logical volume size of 160MB-200MB will be acceptable.

    vgs                            // confirm there is enough spare capacity in the VG; if there is not, you need to add a new partition
    lvextend -L 190M /dev/vgsrv/common
    resize2fs -f /dev/vgsrv/common

On your system another logical volume named shrink has been created under the vol0 volume group and is mounted on /shrink. The initial size of that volume is 320MB. Shrink the logical volume to 200MB without losing any data. Pay attention: a logical volume size of 192MB-240MB will be acceptable.

    umount /shrink
    e2fsck -f /dev/vgsrv/shrink    // use echo $? to check the result
    resize2fs -f /dev/vgsrv/shrink 200M
    lvreduce -L 200M /dev/vgsrv/shrink
    mount -a
    df -h                          // check
    # reboot                       // a restart is recommended so that it takes effect; this makes mistakes easy to rule out!

Make a swap partition of 512MB, automatically usable at system boot time.

    fdisk /dev/vda                 // "n" to create a new 512M partition, /dev/vda5; "t" to change the type to 82 (swap partition); "w" to write
    partx -a /dev/vda
    mkswap /dev/vda5
    vim /etc/fstab                 // add the entry:
        /dev/vda5  swap  swap  defaults  0 0
    swapon /dev/vda5
    swapon -s                      // view the swap partitions

    Annotation [LU3]: if a priority is required, the option here can be replaced by "pri=3".
    swapoff /dev/vda5              // deactivates the swap partition

Create the following users, groups, and group memberships:
- A group named admin
- A user mary who belongs to admin as a secondary group
- A user alice who also belongs to admin as a secondary group
- A user bobby who does not have access to an interactive shell on the system, and who is not a member of admin
- mary, alice, and bobby should all have the password "password"

    # groupadd admin
    # useradd -G admin mary
    # useradd -G admin alice
    # useradd -s /sbin/nologin bobby
    # echo password | passwd --stdin mary

    # echo password | passwd --stdin alice
    # echo password | passwd --stdin bobby
    cat /etc/passwd                // verify

Create a collaborative directory /common/admin with the following characteristics:
- Group ownership of /common/admin is admin
- The directory should be readable, writable, and accessible to members of admin, but not to any other users. (It is understood that root has access to all files and directories on the system.)
- Files created in /common/admin automatically have group ownership set to the admin group

    # mkdir /common/admin
    # chgrp admin /common/admin
    # chmod g+rwx /common/admin
    # chmod o-rwx /common/admin
    # chmod g+s /common/admin      // the s attribute makes files and subdirectories created in the directory belong to the group that owns the directory; the t attribute on a directory lets only the owner and root delete in it

Install the appropriate kernel update from FTP: ftp://instructor/pub/updates. The following criteria must also be met:
- The updated kernel is the default kernel when the system is rebooted
- The original kernel remains available and bootable on the system

    Download the kernel files from FTP to local storage (2 files)
    cd /root/Downloads/
    rpm -ivh <new kernel rpm>
    ll /boot                       // the new kernel files are visible
    vim /boot/grub/grub.conf       // make sure the default points to the new kernel
    reboot                         // a restart is needed!
    uname -r                       // verify the kernel the system is using

Enable IP forwarding on your system.

    vim /etc/sysctl.conf           // modify: net.ipv4.ip_forward = 1
    sysctl -p                      // applies the setting

Set up the default local print queue to forward jobs to the IPP (CUPS) print queue serverX on instructor.example.com, where X is your desktop number. Configure the printer as a "Generic - text-only" print queue.

    system-config-printer          // new IPP printer, then Verify; name it serverX

    # lpr notice                   // test, then check the printer queue
    Extension: right-click the printer and open Properties to set user filtering.

The user mary must configure a cron job that runs daily at 14:23 local time and executes /bin/echo "Hello World."

    su - mary
    crontab -e                     // add the entry:
        23 14 * * * /bin/echo "Hello World"
    # service crond restart        // after switching back to root
    # chkconfig crond on

    Access control:
    vim /etc/cron.deny             // users listed here are restricted from using the cron command
    vim /etc/cron.allow            // this file does not exist by default; it lists the users who are allowed
    Note: cron.allow takes priority over cron.deny.

Bind to the LDAP domain provided by 192.168.0.254 for user authentication. Note the following:
- ldapuserX should be able to log into your system, where X is your desktop number, but will not have a home directory until you have completed the autofs requirement below
- All LDAP users have a password of "password"

    yum -y install directory-client*
    service sssd restart
    chkconfig sssd on              // sssd provides caching
    system-config-authentication   // Server: you must fill in the domain name, not the IP; there is a prompt when the certificate import succeeds!
    # getent passwd ldapuserX      // verify LDAP

Configure autofs to automount the home directory of NIS users. Note the following:
- instructor.example.com (192.168.0.254) NFS-exports /home/guests/ldapuserX to your system, where X is your desktop number
- ldapuserX's home directory is instructor.example.com:/home/guests/ldapuserX
- ldapuserX's home directory should be automounted locally beneath /home/guests/ldapuserX
- Home directories must be writable by their users
- While you are able to log in as any of the users ldapuser1 through ldapuser20, the only home directory that is accessible from your system is ldapuserX.

    # showmount -e 192.168.0.254
    # the NFS service package must already be installed; otherwise it needs to be installed

    # mkdir /home/guests
    # chmod 777 /home/guests
    vim /etc/auto.master           // add:
        /home/guests  /etc/auto.ldap
    vim /etc/auto.ldap             // add:
        ldapuserX  -rw  192.168.0.254:/home/guests/ldapuserX
    service autofs reload          // reloads the autofs configuration; this is more convenient
    chkconfig autofs on
    su - ldapuserX                 // test: write an empty file to verify write permission!

Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that:
- the file /var/tmp/fstab is owned by the root user
- the file /var/tmp/fstab belongs to the group root
- the file /var/tmp/fstab should not be executable by anyone
- the user mary is able to read and write /var/tmp/fstab
- the user alice can neither write nor read /var/tmp/fstab
- all other users (current or future) have the ability to read /var/tmp/fstab

    # mkdir -p /var/tmp
    cp /etc/fstab /var/tmp
    # tune2fs -l /dev/mapper/vgsrv-root    // check whether ACLs are enabled on the partition; the system partition has them enabled by default. Otherwise add acl in fstab: defaults,acl
    setfacl -m u:mary:rw fstab
    setfacl -m u:alice:--- fstab
    getfacl fstab                  // view; the file listing shows a "+"
    setfacl -m m::r fstab          // sets the mask; the mask takes effect on every entry except the owner (root) and other

Configure your system so that it is an NTP client of instructor.example.com.

    # system-config-date
    chkconfig ntpd on
    ntpq -c pe                     // verify

Supplementary content: a requirement to modify the kernel boot parameters displayed in /proc/cmdline.

    # vim /boot/grub/grub.conf     // add entries, such as selinux=1
    cat /proc/cmdline              // a restart is needed!
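Added example, not part of the original notes: a check of who can read or write /var/tmp/fstab under the ACL the task above asks for, and under the same ACL after setfacl -m m::r narrows the mask. The getfacl text is constructed sample output and acl_allows is a hypothetical helper; it follows the POSIX ACL rule that the mask limits named-user and group entries but not the owner or other.

```shell
#!/bin/sh
# Added example: POSIX ACL access check over getfacl-style text (no setfacl needed).

# Constructed getfacl output for the ACL the task asks for.
ACL_TASK='# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:mary:rw-
user:alice:---
group::r--
mask::rw-
other::r--'

# The same ACL after the mask is narrowed to r-- (setfacl -m m::r fstab).
ACL_MASK_R=$(printf '%s\n' "$ACL_TASK" | sed 's/^mask::.*/mask::r--/')

# acl_allows ACL USER GROUPS PERM
#   PERM is one of r, w, x; GROUPS is a comma-separated list of USER's groups.
#   Exit status 0 means the access is allowed.
acl_allows() {
    printf '%s\n' "$1" | awk -v u="$2" -v gl="$3" -v p="$4" '
        function has(perms) { return index(perms, p) > 0 }
        BEGIN {
            mask = "rwx"                      # no mask entry means no limit
            ng = split(gl, g, ",")
            for (i = 1; i <= ng; i++) mine[g[i]] = 1
        }
        /^# owner:/ { owner = $3 }
        /^# group:/ { ogroup = $3 }
        /^#/ || NF == 0 { next }
        {
            split($1, f, ":")
            if (f[1] == "mask") mask = f[3]
            else if (f[1] == "other") other = f[3]
            else if (f[1] == "user" && f[2] == "") uobj = f[3]
            else if (f[1] == "user" && f[2] == u) { named = f[3]; isnamed = 1 }
            else if (f[1] == "group") {
                name = (f[2] == "") ? ogroup : f[2]
                if (name in mine) { ingroup = 1; if (has(f[3])) gok = 1 }
            }
        }
        END {
            if (u == owner) ok = has(uobj)                  # owner: mask not applied
            else if (isnamed) ok = has(named) && has(mask)  # named user: limited by mask
            else if (ingroup) ok = gok && has(mask)         # group class: limited by mask
            else ok = has(other)                            # everyone else
            exit(ok ? 0 : 1)
        }'
}
```

With the mask at r--, mary keeps read access but loses write access even though her own entry still says rw-, so the mask has to stay at rw- for the task's requirements to hold.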

RHCE part of the Installation Instructions

Configure SSH access as follows:
- harry has remote SSH access to your machine from within example.com
- Clients within remote.test should NOT have access to ssh on your system

    # install sshd; service; chkconfig
    # vim /etc/hosts.deny          // add:
        sshd: 192.168.1.
    // takes effect without a restart!

    Extension: restrict the root user from logging in remotely
    vim /etc/ssh/sshd_config       // PermitRootLogin no; restart the service for it to take effect

Export your /common directory via NFS to the example.com domain only.

    # install nfs*; service; chkconfig
    vim /etc/exports
        /common  192.168.0.0/24(rw,sync,no_root_squash)
    showmount -e 192.168.0.103     // the resource can be viewed, but hosts outside the allowed segment cannot mount it!

    Annotation [LU4]: no_root_squash turns off the mapping of the root user to an ordinary user, so root on a client acts as root on the exported files.

Configure FTP access on your system:
- Clients within the example.com domain should have anonymous FTP access to your machine
- Clients outside example.com should NOT have access to your FTP service

    # install vsftpd; service; chkconfig
    # cd /var/ftp
    # chmod 777 pub/
    vim /etc/hosts.deny
        vsftpd: ALL
    vim /etc/hosts.allow
        vsftpd: 192.168.0.
    vim /etc/vsftpd/vsftpd.conf
        anonymous_enable=YES
        anon_upload_enable=YES
    # getsebool -a | grep ftp                  // view the SELinux boolean values
    # setsebool -P allow_ftpd_anon_write on    // -P: stays in force after a restart

    Extended content:
    # setsebool -P allow_ftpd_full_access on
    lftp 192.168.0.103             // test

    Extension 1: user restrictions (blacklist)
    # vim /etc/vsftpd/ftpusers     // add the users, then restart the service
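Added example, not part of the original notes: the hosts.allow and hosts.deny entries used above for sshd and vsftpd are evaluated in a fixed order (hosts.allow first, then hosts.deny, and a client matched by neither file is allowed), and this sketch models that order for a simplified subset of patterns. The sample rules, the client addresses and the function names rule_matches and decide are constructed for illustration; options after a second colon and IPv6 addresses are not handled.

```shell
#!/bin/sh
# Added example: simplified tcp_wrappers decision for one daemon and one client.
# Supported client patterns: ALL, "192.168.0." (address prefix),
# ".example.com" (domain suffix), exact address or host name.

# Constructed sample rules, modelled on the entries in the notes above.
HOSTS_ALLOW='vsftpd: 192.168.0.'
HOSTS_DENY='vsftpd: ALL
sshd: 192.168.1.'

# rule_matches RULES DAEMON ADDR [HOSTNAME]
#   Exit status 0 if any rule line matches the daemon and the client.
rule_matches() {
    printf '%s\n' "$1" | awk -v d="$2" -v ip="$3" -v host="${4:-}" '
        function hit(pat, s) {
            if (s == "") return 0
            if (pat == "ALL" || pat == s) return 1
            # trailing dot: address prefix
            if (substr(pat, length(pat)) == "." && index(s, pat) == 1) return 1
            # leading dot: domain suffix
            if (substr(pat, 1, 1) == "." && length(s) > length(pat) &&
                substr(s, length(s) - length(pat) + 1) == pat) return 1
            return 0
        }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            if (split($0, part, ":") < 2) next
            nd = split(part[1], daemons, /[ \t,]+/)
            nc = split(part[2], clients, /[ \t,]+/)
            for (i = 1; i <= nd; i++) {
                if (daemons[i] != d && daemons[i] != "ALL") continue
                for (j = 1; j <= nc; j++) {
                    if (clients[j] == "") continue
                    if (hit(clients[j], ip) || hit(clients[j], host)) { found = 1; exit }
                }
            }
        }
        END { exit(found ? 0 : 1) }'
}

# decide DAEMON ADDR [HOSTNAME]
#   hosts.allow is consulted first, then hosts.deny; a client matched by
#   neither file is allowed.
decide() {
    if rule_matches "$HOSTS_ALLOW" "$@"; then echo allow
    elif rule_matches "$HOSTS_DENY" "$@"; then echo deny
    else echo allow
    fi
}
```

With these rules, decide sshd 10.0.0.1 still answers allow: a hosts.deny entry for one prefix blocks only that prefix, whereas the vsftpd pair (deny ALL, allow one prefix) admits only the listed network.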

    Extended content: restrict users to their home directory
    # vim /etc/vsftpd/vsftpd.conf
        chroot_local_user=YES
        chroot_list_enable=YES
        chroot_list_file=/etc/vsftpd/chroot_list    // users listed in this file are not chrooted
    Add the user names, then restart the service.

Configure your test system to connect to an iSCSI target from instructor.example.com. You should mount this filesystem on the /mnt/iscsi directory, automatically usable at system boot time.

    # install iscsi*; service; chkconfig
    # iscsiadm -m discovery -t st -p 192.168.0.254        // look up the IQN
    # iscsiadm -m node -T iqn.2010-05.sqing:shuqing -l    // log in
    # df -h                        // view the local device name the iSCSI target maps to, such as /dev/sda
    # fdisk /dev/sda               // partition
    # mkfs -t ext4 /dev/sda1
    vim /etc/fstab
        /dev/sda1  /mnt/iscsi  ext4  defaults,_netdev  0 0
    mount -a
    df -h                          // check

    Annotation [LU5]: at boot this fstab entry is not loaded first; it is loaded after the network connection is up.

Share the /common directory via SMB:
- Your SMB server must be a member of the SAMBA workgroup
- The share's name must be common
- The common share must be available to example.com domain clients only
- The common share must be browseable
- mary must have read access to the share, authenticating with the same password "password", if necessary

    # install samba*; service; chkconfig
    vim /etc/samba/smb.conf
        workgroup = SAMBA
        hosts allow = 127. 192.168.0.
        hosts deny = 192.168.1.                // should the ALL option be used?
        [common]                               // add at the end
        comment = public dir
        path = /common
        browseable = yes
    // restart the services
    smbpasswd -a mary                          // enter the password twice
    chcon -R -t samba_share_t /common          // is samba_share_t the right value?
    smbclient -L 192.168.0.103                 // test
    smbclient //192.168.0.103/common -U mary

Implement a web server for the site http://serverX.example.com, then perform the following steps:
- Download ftp://instructor.example.com/pub/rhce/server.html
- Rename the downloaded file to index.html
- Copy this index.html to the DocumentRoot of your web server
- Do NOT make any modifications to the content of index.html

    # install httpd; service; chkconfig
    # cd /var/www/html/
    # wget ftp://instructor.example.com/pub/rhce/server.html
    # mv server.html index.html
    vim /etc/httpd/conf/httpd.conf
        # globally enables the virtual host functionality
        NameVirtualHost *:80
        <VirtualHost *:80>
            ServerName server3.example.com
            DocumentRoot /var/www/html/
        </VirtualHost>
    // restart the service. Because the same IP resolves to two domain names, virtual hosts are needed.

Extend your web server to include a virtual host for the site http://wwwX.example.com/, where X is your desktop number, then perform the following steps:
- Set the DocumentRoot to /var/http/virtual
- Download ftp://instructor.example.com/pub/rhce/www.html
- Rename the downloaded file to index.html
- Place this index.html in the DocumentRoot of the virtual host
- Do NOT make any modifications to the content of index.html
- Ensure that harry is able to create content in /var/http/virtual

Note: The original web site http://serverX.example.com must still be accessible. DNS resolution for the hostname wwwX.example.com is already provided by the name server on instructor.example.com.

Create a directory /var/http/virtual/limited. Limit access to local users only; non-local users are prohibited from access.

    # mkdir -p /var/http/virtual/limited
    # cd /var/http/virtual/
    # wget ftp://instructor.example.com/pub/rhce/www.html
    # mv www.html index.html
    Switch to the /var/ directory
    restorecon /var/www/html
    ll -Z /var/www/                            // view the context value of the html directory
    chcon -R -t httpd_sys_content_t http       // change the context of the http directory
    vim /etc/httpd/conf/httpd.conf
        <VirtualHost *:80>
            ServerName www3.example.com
            DocumentRoot /var/http/virtual
            # directory user authentication
            <Directory /var/http/virtual>
                AuthName "httpuser"
                AuthType Basic
                AuthUserFile /etc/httpd/.htpasswd
                Require valid-user
            </Directory>
            # restrict by domain
            <Directory /var/http/virtual/limited>
                Order deny,allow
                Deny from all
                Allow from example.com
            </Directory>
        </VirtualHost>
    // restart the service
    htpasswd -c /etc/httpd/.htpasswd user1
    # vim /var/http/virtual/limited/index.html // add a test file containing: Hello!
    # elinks http://www3.example.com           // test

Configure an email alias for your MTA such that mail sent to harry is received by the local user mary.

    # install postfix; service; chkconfig
    # vim /etc/aliases
        harry: mary                // sets the alias; mail for harry is forwarded to mary
    # newaliases                   // rebuilds the alias database
    # vim /etc/postfix/main.cf
        inet_interfaces = all
        myorigin = ***
        myorigin = ***
    // restart the service
    Test: mail -vs 'hello' harry@server3.example.com
    mail -u mary                   // view the user's mailbox

    Extended content: domain restrictions
    # vim /etc/postfix/access /etc/postfix/main.cf
    /etc/postfix/main.cf:
        smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
    /etc/postfix/access:
        1.2.3        REJECT
        192.168.0    OK
        192.168.1    RELAY

Configure SMTP mail service according to the following requirements:
- Your mail server should accept mail from remote hosts and localhost
- harry must be able to receive mail from remote hosts
- Mail delivered to mary should spool into the default mail spool for mary, /var/spool/mail/mary.

Create a shell script /root/program:
- when you pass the "kernel" parameter to the shell script, it returns "user"
- when you pass the "user" parameter to the shell script, it returns "kernel"
- when the script gets no parameter or a wrong parameter, it prints to standard error "usage: /root/program kernel|user"

    # vim /root/program
        #!/bin/bash
        case "$1" in
            kernel) echo user ;;
            user)   echo kernel ;;
            # no parameter or a wrong one: the usage message goes to standard error
            *)      echo 'usage: /root/program kernel|user' >&2 ;;
        esac
