
== Prerequisites:

! I really don't remember all the information, like the exact IPs, names and questions, but I tried to write
down everything important. I also recommend installing VirtualBox with a Red Hat/CentOS ISO, trying the
scenarios and doing some study, because within the 120 minutes you don't have time for manual searching

= station configuration is DHCP, 172.24*/24, FQDN = station.domainX.example.com

= Configure repo

The HTTP server where the repo is configured is given in the RHCE lab description, as is the root PWD; don't
change the root PWD

vi /etc/yum.repos.d/http.repo
[myrepo]
name=myrepo
baseurl=http://server.domainX.example.com/.....
enabled=1
gpgcheck=0 --> important parameter

yum makecache
yum repolist

= Install all important tools


yum install system-config-*
yum search policycoreutils-gui*
yum search samba-client* --> smbclient is not installed by default

= Iptables

All iptables configuration was done through the Firewall GUI: enable the ports for HTTP, NFS, SSH, FTP, SMB
System -> Administration -> Firewall

I recommend restarting the daemons for FTP/SMB/NFS before testing changes, to be sure

== 1. Enable enforcing mode in Redhat


yum install policycoreutils-gui*
System -> Administration -> SELinux Management - set enforcing mode and restart system

== 2. Enable IP forwarding
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p --> activate configuration from /etc/sysctl.conf
cat /proc/sys/net/ipv4/ip_forward --> 1

== 3. SSH access (/etc/hosts.allow and deny), grant domainX.example.com and deny my133t.org SSH
access
/etc/hosts.allow
sshd: .domainX.example.com --> the . before the domain is important: it matches every host under the
domain; could also be written as *.domainX.example.com
/etc/hosts.deny
sshd: .my133t.org

== 4. FTP only users from domainX.example.com domain should have access to FTP, and users should
be able to download files from FTP.
yum install vsftpd
chkconfig vsftpd on
/etc/init.d/vsftpd start
Anonymous users should be granted read access by default, but check /etc/vsftpd/vsftpd.conf to be sure
anonymous_enable=YES --> no spaces around = in vsftpd.conf

/etc/hosts.deny
add line
vsftpd: ALL EXCEPT .domainX.example.com
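
Added example (not part of the original notes): a simplified model of how tcp_wrappers evaluates /etc/hosts.allow and /etc/hosts.deny for tasks 3 and 4. The rule files are constructed copies of the entries above and the host names box.my133t.org and client.other.test are made up; the model takes the client host name as given and covers only the pattern forms used here.

```bash
#!/bin/bash
# Added example: simplified model of hosts_access(5) evaluation order.
# Handles only the client patterns this page uses: ALL, a leading-dot
# domain suffix, an exact host name, and one "A EXCEPT B" operator.
# Client host names are taken as given (no reverse DNS lookup).

match_pattern() {            # match_pattern CLIENT PATTERN
    case $2 in
        ALL) return 0 ;;
        .*)  case $1 in *"$2") return 0 ;; esac; return 1 ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

match_list() {               # match_list CLIENT "CLIENT LIST"
    case $2 in
        *" EXCEPT "*)
            match_pattern "$1" "${2%% EXCEPT *}" || return 1
            match_pattern "$1" "${2##* EXCEPT }" && return 1
            return 0 ;;
        *)  match_pattern "$1" "$2" ;;
    esac
}

first_match() {              # first_match DAEMON CLIENT FILE
    while IFS=: read -r d list; do
        [ "$d" = "$1" ] || continue
        list=${list# }
        match_list "$2" "$list" && return 0
    done < "$3"
    return 1
}

decide() {                   # decide DAEMON CLIENT ALLOW_FILE DENY_FILE
    if first_match "$1" "$2" "$3"; then echo granted
    elif first_match "$1" "$2" "$4"; then echo denied
    else echo granted        # no match in either file: access is granted
    fi
}

# Constructed rule files mirroring tasks 3 and 4, written to a temp dir.
T=$(mktemp -d)
printf 'sshd: .domainX.example.com\n' > "$T/hosts.allow"
printf 'sshd: .my133t.org\nvsftpd: ALL EXCEPT .domainX.example.com\n' > "$T/hosts.deny"

for c in station.domainX.example.com box.my133t.org client.other.test; do
    echo "sshd   $c: $(decide sshd "$c" "$T/hosts.allow" "$T/hosts.deny")"
    echo "vsftpd $c: $(decide vsftpd "$c" "$T/hosts.allow" "$T/hosts.deny")"
done
```

The output shows that the task 3 rules still grant sshd to any host outside my133t.org, while the ALL EXCEPT rule in task 4 denies vsftpd to every host outside domainX.example.com.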

== 5. Share /groupdir with SAMBA, workgroup STAFF or something else, share should be browsable,
read only and only user barry should be able to connect to it, also only users from
domainX.example.com should be able to connect, also the user barry should have a SAMBA PWD
barry

yum grouplist | grep CIFS


yum groupinstall "CIFS file server"
chkconfig smb on
chkconfig nmb on
/etc/init.d/smb start
/etc/init.d/nmb start
vi /etc/samba/smb.conf
workgroup = STAFF

[common]
path = /groupdir
public = no
browseable = yes
read list = barry
valid users = barry
read only = yes
hosts allow = 172.24.56. --> don't forget the trailing .; .domainX.example.com didn't work

smbpasswd -a barry --> type password

chcon -R --reference=/var/ftp/pub /groupdir --> give the /groupdir share an SELinux context


getsebool -a | grep samba | grep ro
samba_domain_controller --> off
samba_export_all_ro --> off
setsebool -P samba_export_all_ro 1 --> activates SMB for read-only access
smbclient //station.domainX.example.com/common -U barry --> then type PWD, you should get the
smbclient prompt
or
smbclient -L station.domainX.example.com -U barry

== 6. Configure web server, http://station.domainX.example.com, download with ftp from some ftp://
the station.html, rename it to index.html and put it in /var/www/html

yum install elinks --> I like this tool


yum install http*
chkconfig httpd on
/etc/init.d/httpd start

vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80> --> I don't really know the difference between *:80 and 172.24.35.50:80, there were
sites regarding RHCE which used * and some with the IP
ServerName station.domainX.example.com
ServerAdmin webmaster@station.domainX.example.com
DirectoryIndex index.html --> I don't recommend using this parameter
DocumentRoot /var/www/html
</VirtualHost>

chcon -R --reference=/var/www/html /var/www/html/ --> just to be sure that the copied index.html
receives the right SELinux context
test http with elinks: type "g" and then station.domainX.example.com

== 7. Extend the http configuration: create a virtualhost for www.domainX.example.com with path
/var/www/virtual; there is some file on ftp:// which must be downloaded and copied into
/var/www/virtual as index.html

vi /etc/httpd/conf/httpd.conf
add lines
<VirtualHost *:80>
ServerName www.domainX.example.com
ServerAdmin webmaster@station.domainX.example.com
DirectoryIndex index.html --> I don't recommend using this parameter
DocumentRoot /var/www/virtual
</VirtualHost>

and uncomment the line
NameVirtualHost *:80

chcon -R --reference=/var/www/html /var/www/virtual/

== 8. Create a confidential folder in the web server where the user chucky should be able to add files; this
folder must be reachable only from station.domainX.example.com, and there is some file on ftp which
must be copied into confidential

This task is not specific about which server the Directory should be added to. I added it to virtual;
according to some other guys it should be the www folder. Choose

<VirtualHost *:80>
ServerName www.domainX.example.com
ServerAdmin webmaster@station.domainX.example.com
DirectoryIndex index.html --> I don't recommend using this parameter
DocumentRoot /var/www/virtual
<Directory /var/www/virtual/confidential>
Order Deny,Allow --> found that this definition is the right one, again I'm open minded if I'm wrong
Deny from all
Allow from station.domainX.example.com
</Directory>
</VirtualHost>

The new part is <Directory>


chcon -R --reference=/var/www/html /var/www/virtual/confidential --> again, don't forget

in elinks www.domainX.example.com and www.domainX.example.com/confidential should show
different content
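
Added example (not part of the original notes): a simplified model of how Apache 2.2 evaluates Order, Deny and Allow, showing why a directory that must be reachable only from the station needs Deny from all rather than a narrower Deny list such as Deny from localhost. The host name client.other.test is made up, and clients are matched by host name only.

```bash
#!/bin/bash
# Added example: simplified model of Apache 2.2 mod_authz_host evaluation.
# Host specs handled: "all" and (partial) domain names, matched on whole
# name components. Client host names are taken as given (no DNS lookups).

host_matches() {             # host_matches CLIENT "SPEC SPEC ..."
    for spec in $2; do
        case $spec in all) return 0 ;; esac
        case $1 in "$spec"|*".$spec") return 0 ;; esac
    done
    return 1
}

# access ORDER CLIENT "DENY SPECS" "ALLOW SPECS" -> prints allowed|denied
access() {
    case $1 in
        Deny,Allow)          # default is allow; Allow overrides Deny
            if host_matches "$2" "$3" && ! host_matches "$2" "$4"
            then echo denied; else echo allowed; fi ;;
        Allow,Deny)          # default is deny; Deny overrides Allow
            if host_matches "$2" "$4" && ! host_matches "$2" "$3"
            then echo allowed; else echo denied; fi ;;
    esac
}

STATION=station.domainX.example.com
OUTSIDER=client.other.test   # constructed host name outside the domain

# Narrow Deny list: only localhost is ever denied, every other client
# falls through to the default of Order Deny,Allow (allowed).
echo "Deny from localhost, outsider: $(access Deny,Allow "$OUTSIDER" localhost "$STATION")"
# Deny from all + Allow from station: only the station gets through.
echo "Deny from all, outsider:       $(access Deny,Allow "$OUTSIDER" all "$STATION")"
echo "Deny from all, station:        $(access Deny,Allow "$STATION" all "$STATION")"
```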

== 9. Set up NFS server and allow NFS access only for domainX.example.com, share folder /groupdir

yum install nfs*


chkconfig nfs on

vi /etc/exports
/groupdir *.domainX.example.com(rw,sync)

exportfs -rva

Now check exports with showmount -e station.domainX.example.com

There is also a task that the automounter should work, and the share should be mounted under
/share/station.domainX.example.com

chkconfig autofs on
vi /etc/auto.master
/share /etc/auto.share

vi /etc/auto.share
station.domainX.example.com -soft,intr,sync station.domainX.example.com:/groupdir

service autofs restart


test it with cd /share/station.domainX.example.com, this should be automatically mounted, the folders
will be created by autofs.

== 10. configure SMTP, for localhost and remote users

vi /etc/postfix/main.cf
myhostname = station.domainX.example.com --> uncomment this
mydomain = domainX.example.com --> uncomment this
myorigin --> this must stay commented out!!!

inet_interfaces = all --> uncomment this one


#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost --> comment this one out

now test the mail for user barry, or some other local user
mail barry@station.domainX.example.com
Subject: kukuk
hi there barrrrry
CTRL+D

su - barry
mail --> displays mails, check then with ENTER

== 11. configure user natasha to receive mails as admin

vi /etc/aliases
admin: natasha

newaliases

mail admin@station.domainX.example.com --> test it: this should send the mail to admin, so
according to the alias definition natasha should receive the mail
su - natasha
mail

== 12. Configure iSCSI; the iSCSI is located on host.domainX.example.com. Create a 1500MB drive,
mount it and copy some file from ftp:// to it, persist the disk even after reboot, mount the iSCSI
under /mnt/iscsi_disk

yum install iscsi*

iscsiadm -m discovery -t st -p host.domainX.example.com


shows something like iqn................copy the whole string
iscsiadm -m node -T iqn...... -p host.domainX.example.com -l

tail -f /var/log/messages --> check for a new drive, something like sda/sdb
fdisk -l /dev/sda .... you know how to create a 1400MB partition
mkfs.ext4 /dev/sda1
/etc/fstab
/dev/sda1 /mnt/iscsi_disk ext4 _netdev,defaults 0 0

cat /etc/iscsi/initiatorname.iscsi --> added here the iSCSI drive, the sda was present even after reboot
InitiatorName=iqn.1994-05.com.redhat:ade0babb6b13

don't forget chkconfig iscsid on

== 13. mount iso under /mnt/iso, which is under /root/omg.iso

vi /etc/fstab
/root/omg.iso /mnt/iso iso9660 defaults,loop 0 0

mount -a

== 14. Write a script which shows "script one|two" if $# -eq 0; when parameter $1 is one it displays two, when
parameter $1 is two it displays one, and when none of the supported parameters is given it displays the help again

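#!/bin/bash
# Print the usage line when called without arguments or with an unsupported one.
# "$1" is quoted so that empty arguments or arguments with spaces do not break the test.
if [ $# -eq 0 ]
then
    echo "/root/program one|two"
elif [ "$1" = "one" ]
then
    echo "two"
elif [ "$1" = "two" ]
then
    echo "one"
else
    echo "/root/program one|two"
fi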
:wq
# chmod a+x /root/program

== 15. add some kernel parameter in the startup sequence kenerl_loop=32


add this at the end of the line which starts with kernel
vi /etc/grub.conf

== 16. deny user natasha to use crontab

/etc/cron.deny
natasha