I really don't remember all the information, like the exact IPs, names and questions, but I tried to
write down everything important. I also recommend installing VirtualBox with a Red Hat/CentOS ISO,
trying the scenarios and doing some study, because within the 120 minutes you don't have time for
manual searching
= Configure repo
The HTTP server where the repo is hosted is given in the RHCE lab description, along with the root
PWD. Don't change the root PWD
vi /etc/yum.repos.d/http.repo
[myrepo]
name=myrepo
baseurl=http://server.domainX.example.com/.....
enabled=1
gpgcheck=0 --> important parameter (turns off GPG signature checking for packages from this repo)
yum makecache
yum repolist
= Iptables
All iptables configuration was done over the Firewall GUI: enable the ports for HTTP, NFS, SSH, FTP, SMB
System -> Administration -> Firewall
I recommend restarting the daemons for FTP/SMB/NFS before testing changes, to be sure
== 2. Enable IP forwarding
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p --> activate configuration from /etc/sysctl.conf
cat /proc/sys/net/ipv4/ip_forward --> 1
== 3. SSH access (/etc/hosts.allow and /etc/hosts.deny): grant domainX.example.com and deny my133t.org SSH access
/etc/hosts.allow
sshd: .domainX.example.com --> the . before the domain is important, it matches everything in front of
it; could also be written as *.domainX.example.com
/etc/hosts.deny
sshd: .my133t.org
== 4. FTP: only users from the domainX.example.com domain should have access to FTP, and users should be able to download files from FTP.
yum install vsftpd
chkconfig vsftpd on
/etc/init.d/vsftpd start
Anonymous users should be granted read access by default, but check /etc/vsftpd/vsftpd.conf to be sure
anonymous_enable=YES --> vsftpd does not accept spaces around the =
/etc/hosts.deny
add line
vsftpd: ALL EXCEPT .domainX.example.com
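The evaluation order behind tasks 3 and 4, as an added example that is not part of the original notes: tcp_wrappers consults hosts.allow first, then hosts.deny, and grants access when neither file matches. This is a simplified model covering only the pattern forms used above; the function names and probe hosts are constructed.

```shell
#!/bin/sh
# Simplified model of the tcp_wrappers decision (added example, constructed data).
# Only the pattern forms used on this page are handled: ".suffix", "ALL",
# an exact host name, and "A EXCEPT B".

match_pattern() {   # $1=client host, $2=pattern; exit 0 on match
    case $2 in
        ALL) return 0 ;;
        .*)  case $1 in *"$2") return 0 ;; esac; return 1 ;;  # leading dot = domain suffix
        *)   [ "$1" = "$2" ] ;;
    esac
}

rule_matches() {    # $1=daemon, $2=client host, $3=rules file; exit 0 on match
    while IFS=: read -r d clients; do
        [ "$d" = "$1" ] || [ "$d" = ALL ] || continue
        clients=${clients# }
        case $clients in
            *" EXCEPT "*)   # "A EXCEPT B": A must match and B must not
                if match_pattern "$2" "${clients%% EXCEPT *}" &&
                   ! match_pattern "$2" "${clients##* EXCEPT }"; then return 0; fi ;;
            *)  if match_pattern "$2" "$clients"; then return 0; fi ;;
        esac
    done < "$3"
    return 1
}

decide() {          # $1=daemon, $2=client host, $3=hosts.allow, $4=hosts.deny
    if rule_matches "$1" "$2" "$3"; then echo allow    # 1. a hosts.allow match grants
    elif rule_matches "$1" "$2" "$4"; then echo deny   # 2. else a hosts.deny match refuses
    else echo allow; fi                                # 3. no match in either file: granted
}

# Constructed copies of the rules from tasks 3 and 4.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'sshd: .domainX.example.com\n' > "$tmp/hosts.allow"
printf 'sshd: .my133t.org\nvsftpd: ALL EXCEPT .domainX.example.com\n' > "$tmp/hosts.deny"

for probe in "sshd pc1.domainX.example.com" "sshd box.my133t.org" \
             "sshd host.other.example" "vsftpd host.other.example"; do
    set -- $probe
    echo "$1 from $2: $(decide "$1" "$2" "$tmp/hosts.allow" "$tmp/hosts.deny")"
done
```

A host outside both domains still reaches sshd with the task 3 rules, while the ALL EXCEPT rule from task 4 refuses every host outside domainX.example.com for vsftpd.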
== 5. Share /groupdir with SAMBA, workgroup STAFF or something else; the share should be browsable, read only, and only user barry should be able to connect to it; also only users from domainX.example.com should be able to connect, and the user barry should have a SAMBA PWD barry
[common]
path = /groupdir
public = no
browseable = yes
valid users = barry
read list = barry
read only = yes
hosts allow = 172.24.56. --> don't forget the trailing ., .domainX.example.com didn't work
== 6. Configure web server, http://station.domainX.example.com: download station.html with ftp from some ftp://, rename it to index.html and put it in /var/www/html
vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80> --> I don't really know the difference between *:80 and 172.24.35.50:80, there were
sites regarding RHCE which used * and some with the IP
ServerName station.domainX.example.com
ServerAdmin webmaster@station.domainX.example.com
DirectoryIndex index.html --> I don't recommend using this parameter
DocumentRoot /var/www/html
</VirtualHost>
chcon -R --reference=/var/www/html /var/www/html/ --> just to be sure that the copied index.html
receives the right SELinux permissions
Test HTTP with elinks: type "g" and station.domainX.example.com
vi /etc/httpd/conf/httpd.conf
add lines
<VirtualHost *:80>
ServerName www.domainX.example.com
ServerAdmin webmaster@station.domainX.example.com
DirectoryIndex index.html --> I don't recommend using this parameter
DocumentRoot /var/www/virtual
</VirtualHost>
== 8. Create a confidential folder in the web server; the user chucky should be able to add files; this folder must be reachable only from station.domainX.example.com; there is also some file on ftp which must be copied into confidential
This task is not specific about which server you should add the Directory to. I added it to virtual;
according to some other guys it should be the www folder. Choose
<VirtualHost *:80>
ServerName www.domainX.example.com
ServerAdmin webmaster@station.domainX.example.com
DirectoryIndex index.html --> I don't recommend using this parameter
DocumentRoot /var/www/virtual
<Directory /var/www/html/confidential>
Order Deny,Allow --> found that this definition is the right one, again I'm open minded if I'm wrong
Deny from all
Allow from station.domainX.example.com
</Directory>
</VirtualHost>
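Why the Deny line matters under Order Deny,Allow, as an added example that is not part of the original notes: in Apache 2.2 a client that matches no Deny or Allow directive is permitted, so a Deny that names a single host leaves every other client allowed. The model is simplified, and the function names and the client client.other.example are constructed.

```shell
#!/bin/sh
# Simplified model of Apache 2.2 Order/Deny/Allow evaluation (added example).
# Host lists here hold only "all" or exact names; real Apache also accepts
# partial domains, IP addresses and networks.

host_in_list() {    # $1=client host, $2=space-separated list; exit 0 on match
    for entry in $2; do
        if [ "$entry" = all ] || [ "$entry" = "$1" ]; then return 0; fi
    done
    return 1
}

access_22() {       # $1=Order value, $2=client host, $3=Deny list, $4=Allow list
    denied=no; allowed=no
    if host_in_list "$2" "$3"; then denied=yes; fi
    if host_in_list "$2" "$4"; then allowed=yes; fi
    case $1 in
        Deny,Allow)   # default is allow; an Allow match overrides a Deny match
            if [ "$denied" = yes ] && [ "$allowed" = no ]; then echo denied
            else echo allowed; fi ;;
        Allow,Deny)   # default is deny; a Deny match overrides an Allow match
            if [ "$allowed" = yes ] && [ "$denied" = no ]; then echo allowed
            else echo denied; fi ;;
        *)  echo "unknown Order: $1" >&2; return 2 ;;
    esac
}

station=station.domainX.example.com
for client in "$station" localhost client.other.example; do   # constructed clients
    narrow=$(access_22 Deny,Allow "$client" "localhost" "$station")
    full=$(access_22 Deny,Allow "$client" "all" "$station")
    echo "$client: 'Deny from localhost' -> $narrow, 'Deny from all' -> $full"
done
```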
== 9. Set up NFS server and allow NFS access only for domainX.example.com, share folder /groupdir
vi /etc/exports
/groupdir *.domainX.example.com(rw,sync)
exportfs -rva
There is also a task that the automounter should work, and the share should be mounted under
/share/station.domainX.example.com
chkconfig autofs on
vi /etc/auto.master
/share /etc/auto.share
vi /etc/auto.share
station.domainX.example.com -soft,intr,sync station.domainX.example.com:/groupdir
vi /etc/postfix/main.cf
myhostname = station.domainX.example.com --> uncomment this
mydomain = domainX.example.com --> uncomment this
myorigin --> this must stay commented out!!!
Now test the mail for user barry, or some other local user
mail barry@station.domainX.example.com
Subject: kukuk
hi there barrrrry
CTRL+D
su - barry
mail --> displays mails, check then with ENTER
vi /etc/aliases
admin: natasha
newaliases
mail admin@station.domainX.example.com --> test it; this should send the mail to admin, which
according to the alias definition means natasha should receive the mail
su - natasha
mail
== 12. Configure iSCSI: the iSCSI is located on host.domainX.example.com; create a 1500MB drive, mount it and copy some file from ftp:// to it; persist the disk even after reboot; mount the iSCSI under /mnt/iscsi_disk
tail -f /var/log/messages --> check for a new drive, something like sda/sdb
fdisk -l /dev/sda .... you know how to create a 1400MB partition
mkfs.ext4 /dev/sda1
/etc/fstab
/dev/sda1 /mnt/iscsi_disk ext4 _netdev,defaults 0 0
cat /etc/iscsi/initiatorname.iscsi --> added the iSCSI drive here, the sda was present even after reboot
InitiatorName=iqn.1994-05.com.redhat:ade0babb6b13
vi /etc/fstab
/root/omg.iso /mnt/iso iso9660 defaults,loop 0 0
mount -a
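== 14. Write a script which shows script one|two if $# -eq 0; when the parameter is one it displays two, when parameter $1 is two it displays one, and when none of the supported parameters is given it displays the help again
#!/bin/bash
# No arguments: print the usage line
if [ $# -eq 0 ]
then
echo "/root/program one|two"
# Quote $1 so an empty or multi-word argument cannot break the test
elif [ "$1" = "one" ]
then
echo "two"
elif [ "$1" = "two" ]
then
echo "one"
else
# Any unsupported parameter: print the usage line again
echo "/root/program one|two"
fi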
:wq
# chmod a+x /root/program
/etc/cron.deny
natasha