1. The document describes how to set up a basic web server configuration with an index.html file containing "This is a test!". The web server is only accessible from the local machine and server1.example.com.
2. Instructions are given to set up a shared /home/rhce directory for the rhce group, where members can create and modify each other's files but not delete others' files.
3. The document contains hints for various Linux administration tasks like managing user accounts, installing packages, configuring services, and more.
1. The document describes how to set up a basic web server configuration with an index.html file containing "This is a test!". The web server is only accessible from the local machine and server1.example.com.
2. Instructions are given to set up a shared /home/rhce directory for the rhce group, where members can create and modify each other's files but not delete others' files.
3. The document contains hints for various Linux administration tasks like managing user accounts, installing packages, configuring services, and more.
1. The document describes how to set up a basic web server configuration with an index.html file containing "This is a test!". The web server is only accessible from the local machine and server1.example.com.
2. Instructions are given to set up a shared /home/rhce directory for the rhce group, where members can create and modify each other's files but not delete others' files.
3. The document contains hints for various Linux administration tasks like managing user accounts, installing packages, configuring services, and more.
test!. Make this webserver only accessible to your machine and server1.example.com. Hint # yum install httpd # chkconfig httpd on # service httpd start echo This is a test! > /var/www/html/index.html # iptables -I INPUT -m state state NEW -m tcp -p tcp dport 80 -j ACCEPT # service iptables save # vi /etc/httpd/conf/httpd.conf Order allow,deny Allow from 127.0.0.1 server1.example.com # service httpd reload Question 2 of 12 Setup a /home/rhce directory to facilitate collaboration among the rhce group. Each member should be able to create files and modify each others files, but should not be able to delete any one elses files in this directory Hint # mkdir /home/rhce # chown root:rhce /home/rhce # chmod 770 /home/rhce # chmod +t /home/rhce # chmod g+s /home/rhce Question 3 of 12 Make sure user bobs account expires after one week. Hint # date -d +1week # usermod -e YYYY-MM-DD bob or # chage -E YYYY-MM-DD bob # chage -l bob Question 4 of 12 Add 100MB of swap space to your machine using a logical volume. Hint # lvcreate name lv_swap2 size 100M vg # mkswap /dev/vg/lv_swap2 # swapon /dev/vg/lv_swap2 # vi /etc/fstab /dev/vg/lv_swap2 swap swap defaults 0 0 Create user accounts named tony, mike, and john each with the redhat password and belonging to a secondary group called rhce. Hint # groupadd rhce # useradd tony -G rhce; passwd tony # useradd mike -G rhce; passwd mike # useradd john -G rhce; passwd john Question 6 of 12 Expand the file system on /home to 2GB in size Hint # lvresize -r -L 2G /dev/vg/lv_home Set up a default configuration FTP server. Block ftp connections from hackers.net Hint # yum install vsftpd # chkconfig vsftpd on # service vsftpd start # vi /etc/sysconfig/iptables-config IPTABLES_MODULES=nf_conntrack_ftp nf_nat_ftp # iptables -I INPUT -m state state NEW -m tcp -p tcp dport 20 -j ACCEPT # iptables -I INPUT -m state state NEW -m tcp -p tcp dport 21 -j ACCEPT # service iptables save # service iptables restart # vi /etc/hosts.deny vsftpd: .hackers.net: DENY Set up a new 100MB logical volume. Encrypt the volume with LUKS and set it up to automatically decrypt and mount to /crypt at boot. Use the ext4 filesystem and place an empty file in the root of the encrypted filesystem with a name of test Hint # lvcreate name crypt size 100M vg # mkdir /crypt # cryptsetup luksFormat /dev/vg/crypt # cryptsetup luksOpen /dev/mapper/vg-crypt crypt # mkfs.ext4 /dev/mapper/crypt # vi /etc/fstab /dev/mapper/crypt /crypt ext4 defaults 1 2 # mount -a # cryptsetup luksAddKey /dev/vg/crypt /etc/keyfile # chmod 400 /etc/keyfile # vi /etc/crypttab crypt /dev/vg/crypt /etc/keyfile # touch /crypt/tes Question 9 of 12 Create a new user bob. Give bob, not in the rhce group, read and write access to /home/rhce Hint # useradd bob # passwd bob # setfacl -R -m u:bob:rwx /home/rhce Question 10 of 12 Set up a job to delete all of the regular files in the /home/bob directory on the second day of every month at 8:30 A.M. Hint # crontab -e 30 08 02 * * /bin/find /home/bob -type f -exec /bin/rm {} \; Question 11 of 12 Install the appropriate kernel update fromhttp://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages. The following conditions must also be met: - the updated kernel is the default kernel when the system is rebooted. - the original kernel remains available and bootable on the system.
Hint # uname r # wget http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages/kernel* # rpm ivh kernel # vi /etc/grub.conf Check for default (0 or 1)
Question 12 of 12 Set up the automounter, and configure it to read the DVD on the /misc/dvd directory. Hint # yum install -y autofs # vi /etc/auto.misc dvd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom # service autofs start
Question 1 of 14 Assume you forget the current root password. Reboot your server and put the redhat password instead.
Hint # reboot Press a at the first GRUB menu at the console. Type single at the end of the line. # passwd root Type redhat. Question 2 of 14 Create a file named dontcopy in the /root directory and make it impossible to back it up with thedump command.
Hint # touch /root/dontcopy # chattr +d /root/dontcopy Question 3 of 14 Create a logical volume with the name lv_vol using 180PE (Physical Extents). Mount it on /mnt with filesystem ext4. Make it permanently loaded by uuid. Create a file called tempo into the /mnt directory.
Hint # lvs # lvcreate name lv_vol -l 180 vg # mkfs.ext4 /dev/vg/lv_vol # blkid | grep lv_vol >> /etc/fstab vi /etc/fstab UUID= /mnt ext4 defaults 0 0 # mount /mnt # df # touch /mnt/tempo Question 4 of 14 Create a file called cmd belonging to user and group root in toms directory with the string /bin/echo Hello! inside. Configure permissions on it to allow the stevens account to read and execute it but not andrewnor tom
Hint # cd /home/tom # echo /bin/echo Hello! > cmd # setfacl -m u:steven:r-x cmd # setfacl -m u:steven:x ../tom # setfacl -m u:tom: cmd # setfacl -m u:andrew: cmd Question 5 of 14 Install the vsftpd package. Copy the TUNING file coming with the package into the /root directory.
Hint # yum install -y vsftpd # rpm -ql vsftpd | grep TUNING # cd /usr/share/doc/vsftpd # cp TUNING /root Question 6 of 14 Remove all the files from the /etc/yum.repos.d directory. Set up a repository for the Base packages from (US)University of Oklahomas (http://mirror.oss.ou.edu/centos/) or (Germany)ATrpmss (http://mirror.atrpms.net/centos/) or (China)Beijing Institute of Technologys (http://mirror.bit.edu.cn/centos/) according to your geographical localization.
Hint # cd /etc/yum.repos.d # /bin/rm * # vi local.repo [base] name=University of Oklahoma Base baseurl=http://mirror.oss.ou.edu/centos/$releasever/os/$basearch/ enabled=1 gpgcheck=0 # yum clean all # yum repolist all Question 7 of 14 Reduce the size of the lv_vol logical volume to 100MB.
Hint # umount /mnt # lvreduce size 100M -r /dev/vg/lv_vol # mount /mnt Question 8 of 14 Install a httpd server. Make it serve files from /www/html. Write a file called index.html displaying Hello world!.
Hint # yum groupinstall -y Web server # yum install -y setroubleshoot-server elinks # cp -rp /var/www /www # cd /etc/httpd/conf # sed -e s:DocumentRoot \/var/www/html\:DocumentRoot \/www/html\:g httpd.conf > httpd.conf2 # mv -f httpd.conf2 httpd.conf # service httpd configtest # echo Hello world! >/www/html/index.html # semanage fcontext -a -t httpd_sys_content_t /www(/.*)? # restorecon -r /www # iptables -I INPUT -m state state NEW -m tcp -p tcp dport 80 -j ACCEPT # service iptables save # chkconfig httpd on # service httpd start # elinks http://localhost
Question 9 of 14 Create users andrew, tom, and steven with home directories in /home and passwords redhat. Make stevens account to expire on May 14, 2015.
Hint # useradd andrew; passwd andrew # useradd tom; passwd tom # useradd steven; passwd steven # chage -E 2015-05-14 steven; chage -l steven Question 10 of 14 Create a directory called project in /home. Create two groups called admins and dbas with gid respectively 50001 and 50002. Put andrew account into the admins group and steven account into the dbas group, each time as a secondary group. Configure the project directory for group collaboration among members of the admins and dbasgroups with no access for all other users.
Hint # mkdir /home/project # groupadd -g 50001 admins; groupadd -g 50002 dbas # usermod -aG admins andrew # usermod -aG dbas steven # setfacl -m g:admins:rwx /home/project # setfacl -m g:dbas:rwx /home/project # setfacl -m o: /home/project Question 11 of 14 Enable the cron access for root and steven users only.
Hint # echo steven >/etc/cron.allow Question 12 of 14 Configure a cron job for the root user to search for files named core in the /usr directory and delete them on every sunday at 11:55pm system time.
Hint # crontab -e 55 23 * * 0 /bin/find /usr -name core -exec /bin/rm {} \; Question 13 of 14 Create a script called cmd in the /root directory that displays Zero if no parameter is given, One if only one and Several if more than one
Hint # cd /root # vi cmd !#/bin/bash case $# in 0) echo Zero;; 1) echo One;; *) echo Several;; esac # chmod u+x cmd Question 14 of 14 Allow ssh access only from the 192.168.1.0/24 network.
Hint # iptables -I INPUT ! -s 192.168.1.0/24 -m tcp -p tcp dport 22 -j REJECT # service iptables save RHEL7 RHCSA Sample exam 1
Question 1 of 14 Create two users: john with uid/gid equal to 2000, password 12345678 and davis with uid/gid equal to 3000, password 87654321. Make davis account validity stopping in one month.
Hint # useradd -u 2000 john # passwd john New password: 12345678 # useradd -u 3000 davis # passwd davis New password: 87654321 # date -d +1month # usermod -e YYYY-MM-DD davis or # chage -E YYYY-MM-DD davis # chage -l davis Question 2 of 14 Allow davis (and only davis) to get full access to johns home directory.
Hint # setfacl -R -m u:davis:rwx /home/john Question 3 of 14 Create a directory named /common. Allow john and davis to share documents in the /commondirectory using a group called team. Both of them can read, write and remove documents from the other in this directory but any user not member of the group cant.
Hint # mkdir /common # groupadd -g 50000 team # chgrp team /common # chmod 2770 /common # usermod -aG team john # usermod -aG team davis Question 4 of 14 Create a xfs file system on a new logical volume of 100MB called lv_xfs. Mount it permanently with uuid under /xfs
Hint # lvcreate size 100M name lv_xfs /dev/vg # mkfs.xfs /dev/vg/lv_xfs # mkdir /xfs # blkid | grep lv_xfs >> /etc/fstab # vi /etc/fstab UUID= /xfs xfs defaults 1 2 # mount -a Question 5 of 14 Extend the existing xfs file system to a total size of 200MB and add a label called myFS.
Hint # lvextend size 200M /dev/vg/lv_xfs or # lvextend size +100M /dev/vg/lv_xfs # xfs_growfs /xfs # umount /xfs # xfs_admin -L myFS /dev/vg/lv_xfs # mount /xfs
Question 6 of 14 Write a Bash script called prog.sh in the /root directory that creates 40 files of 2MB each with thefallocate command in the mounted /xfs directory. Each file has got a name as follows: .file_Nwhere N is a number from 1 to 40.
Hint cd /root vi prog.sh #!/bin/bash cd /xfs N=40 while [ "$N" -gt 0 ] do fallocate -l 2M .file_$N N=`expr $N 1` done
# chmod u+x prog.sh # ./prog.sh Question 7 of 14 Create an ext4 file system on a new logical volume of 100MB called lv_ext4. Mount it permanently under the /ext4 directory. Copy the files previously created into this new space.
Hint # lvcreate size 100M name lv_ext4 /dev/vg # mkfs.ext4 /dev/vg/lv_ext4 # mkdir /ext4 # vi /etc/fstab /dev/vg/lv_ext4 /ext4 ext4 defaults 1 2 # cp -p /xfs/.f* /ext4
Question 9 of 14 Configure a virtual console. Hint # grubby update-kernel=ALL args=console=ttyS0 Question 10 of 14 Create a logical volume of 200MB called lv_swap2 and add it permanently to the current swap space.
Hint # lvcreate size 200M name lv_swap2 /dev/vg # mkswap /dev/vg/lv_swap2 # swapon /dev/vg/lv_swap2 vi /etc/fstab /dev/vg/lv_swap2 swap swap defaults 0 0 Question 11 of 14 Install the Apache package. Allow it to get documents stored on NFS mounted directories.
Question 12 of 14 Create a cron job running as root, starting at 11PM every day and writing a report on daily system resource consumption in the /var/log/consumption.log file.
Hint # crontab -e 00 23 * * * /usr/bin/sar -A > /var/log/consumption.log Question 13 of 14 Set the default target to boot into X Window level (previously level 5).
Hint # systemctl set-default graphical.target Question 14 of 14 Change the hostname to mycentos.example.com
Hint # hostnamectl set-hostname mycentos.example.com