linux rhce question&answers
Post on 02-Dec-2014
PART-I Total -2.5 hrs
*****************************************************************************
Note: within 1 hr you should finish the compulsory questions.
Note: You have to clear the compulsory questions to be eligible for RHCT, and
8 questions for RHCE.
*****************************************************************************
1. Boot into your system; your root password has not been set. (compulsory)
Answer:
You have to enter single-user mode and change the root password to
redhat and then press Enter.
2. Configure the network. Your IP and all other details will be given in the
network.txt file. (compulsory)
Answer: use the netconfig command to configure it.
3. dig the server example.com(compulsory).
4. ping the server cracker.org(compulsory).
5. create a partition 100 mb and mount permanently in
/mnt/new(compulsory).
6. When you use showmount -e, it does not show any export from /exports.
Answer: you have to correct the error in the /exports entry.
7. LVM resize. The LVM size is 220; you have to resize it to 300. (270 to 330
is allowed.)
8. User quota creation. When user neo uses the command dd if=/dev/zero of=somefile
bs=1024 count=30, it should not show any error. When user neo uses the command
dd if=/dev/zero of=somefile bs=1024 count=70, it should show an error.
9. Trouble shooting.
10. Trouble shooting.
******************************************************************************
[Installation & configuring network & Sysadmin services]
Section2 ........... 3 hrs TOTAL : 100marks
RHCT PART [70%] 9 Questions [Qs 1 - 9]
RHCE PART [70%] 7 Questions [Qs 10 - 16]
Additional RHCE PART [30%] 3 Questions -- ANY 2
******************************************************************************
Very exhaustive -- 3 hrs RHCT PART [70%] 10 Questions
==============================================================================
QUESTION 1 - Installation and General Information
Install Red Hat Linux RHEL 5 through NFS, where your
server is server1.example.com (192.168.0.254) and the shared directory is /var/ftp/pub.
1) The network of .example.com domain is 192.168.0.0/24
2) Installation is via NFS. You will boot from a CD which will be given
At the prompt : linux askmethod
You will get a screen : Select DHCP [IP etc put automatically by server]
You will see a screen of NFS, FTP etc
NFS : server1.example.com [Will be given]
Dir name: /var/ftp/pub [Will be given]
- Install bootloader in MBR. [GRUB]
Partitioning scheme
/boot 128MB
swap same as your memory [Note when your BIOS shows it]
or sometimes they may ask u to make it 1.5 to 2x
/ 512MB
/var 512MB
/tmp 512MB
/usr 2048MB
/data (Choose remaining space) Create raid level 0
Packages to choose (decide after reading the whole paper)
1) Select X
2) Don't choose Games,Openoffice,Sound, mysql server, development tools
if kernel compilation is not asked
3) Choose httpd, Window Server (SAMBA), DNS, sendmail, text editors,
text browsers, administration tools, printing.
(Note: dhcp & vsftpd are not installed by default so u will have to use vsftpd
& just see where u can find dhcp & squid. In sendmail select sendmail.cf)
Note: Pls don't choose minimum/everything otherwise you WILL be screwed up.
Note :- The Packages size should be between 700 to 850 MB not more than that,
otherwise it will take more than half an hour to install & u r screwed.
***********
QUESTION 2
*INSTALL a dialog rpm --- dialog-2.0<something>.rpm
ANSWER 2
# ftp server1.example.com
# cd /var/ftp/pub/Server
# ls <------------ Should show lots of RPMS
# bi
# prom
# mget dialog*
# bye
On local m/c,
# rpm -ivh dialog*
************
QUESTION 3
Create following users :john, jane & eric (password for each is "password")
a. jane & john should be part of secondary group sysadmin
b. eric should not be a part of sysadmin group.
c. No interactive shell is provided to eric.
d. Create a dir /data/sysadmin/
e. Only read,write and executable by sysadmin group
f. jane & john should be able to connect to the above directory
g. Any files made under /data/sysadmin/ group should be owned by the group"sysadmin"
ANSWER 3
a. Create a grp called "sysadmin" with following command
# groupadd sysadmin
b. Now add users jane & john, who should be part of secondary grp "sysadmin"
# adduser -G sysadmin jane
# passwd jane < password/password
# adduser -G sysadmin john
# passwd john < password/password
c. Now add user eric who is not part of group sysadmin and he should
not have an interactive shell
# adduser -s /bin/false eric
# passwd eric
d. Now make a directory /data/sysadmin
# mkdir -p /data/sysadmin
# cd /data
e. # chgrp sysadmin sysadmin/
g. # chmod 2070 sysadmin/
************
QUESTION 4
- Join to NIS Server
- NIS Domain is RHCE
- NIS Server is server1.example.com (192.168.0.254)
- Using autofs, automount server1:/rhome/stationX to /rhome local directory
- The above directory should be automounted on startup.
- Some "nisuserX" has been created on server1:/rhome/stationX.
passwd is "password"
- Do the above in such a manner that after automounting as well as on reboot
the NIS user - nisuser9 - can login to his home dir on the NIS server.
ANSWER 4
Part I The NIS Client setup part
- On Client machine do the following :
Run the command authconfig-tui and select NIS
NIS Domain : RHCE
NIS Server : 192.168.0.254 (or) server1.example.com
service ypbind restart
d. chkconfig --level 35 ypbind on
e. service portmap restart
f. chkconfig --level 35 ypbind on
g. service ypbind restart
Part II - The autofs part
# mkdir /rhome
# Edit /etc/auto.master
/rhome /etc/auto.misc --timeout=60
# Edit /etc/auto.misc
* -rw,soft,intr server1:/rhome/stationX/& (or) Nisusername
# chkconfig --level 35 autofs on
# service autofs restart
Go to Next Terminal to Check
***********
QUESTION 5
- Enable IP forwarding
ANSWER 5
- Edit /etc/sysctl.conf
net.ipv4.ip_forward=0
Now change the 0 to 1 and save the file
# sysctl -p
Cross-check with:
# cat /proc/sys/net/ipv4/ip_forward
which should show 1
**********
QUESTION 6
- Install a new kernel from ftp://server1/pub/updates/
The old kernel must be available and bootable as well.
- Make the new kernel your default kernel
ANSWER 6
- ftp to the server to DL the new kernel
# ftp server1/pub/updates/kernel-2.4.21-9-EL.i686.rpm
- # rpm -ivh --test kernel-2.4.21-9-EL.i686.rpm <--- Do a Test Run first
- # rpm -ivh kernel-2.4.21-9-EL.i686.rpm
- Edit /etc/grub.conf to make this new kernel boot as default
default=0 <---------- We change this to 0 from 1
timeout=10
splashimage=(hd0,2)/grub/splash.xpm.gz
title Red Hat Linux (2.4.21-9-EL)
root (hd0,2)
kernel /vmlinuz-2.4.21-9-EL ro root=LABEL=/ rhgb quiet
initrd /initrd-2.4.21-9-EL.img
title Red Hat Linux (2.4.20-8vada)
root (hd0,2)
kernel /vmlinuz-2.4.20-8vada ro root=LABEL=/ rhgb quiet
***********
QUESTION 7
- Create a NFS server & export /data which should be accessible only
by .example.com domain
ANSWER 7
- Edit /etc/exports and put following :
/data *.example.com
- # chkconfig --level 35 portmap on
# service portmap restart
- # chkconfig --level 35 nfs on
# service nfs restart
# showmount -e <--------- To test and see
< /data *.example.com (or) exportfs
**********
QUESTION 8
- Connect to a Unix printer on server1
- Queue : stationX as raw printer
ANSWER 8
Go to GUI Mode open terminal
# system-config-printer
select new
In Queue Name enter - stationX
Select "Internet Printing Protocol" (IPP) in the drop-down and press NEXT
You then get another window asking for 2 entries :
Server : server1.example.com
Queue : stationX
Click on next
Select the driver to use - "Raw Print Queue"
Click Finish. Then exit saving changes.
service cups restart
chkconfig --level 35 cups on
***********
QUESTION 9
- Create a cron job for user jane such that every day at 1.05 am it should run
/bin/echo "hello"
ANSWER 9
- Login as root
- crontab -u jane -e
05 01 * * * /bin/echo "hello"
- chkconfig --level 35 crond on
- service crond restart
===============================================================
RHCE PART [70%]
===============================================================
QUESTION 10
- Setup a OpenSSH server such that john can access it from .example.com
and no one from .cracker.org is allowed to ssh
ANSWER 10
Edit /etc/hosts.deny
sshd:ALL EXCEPT .example.com
#chkconfig --level 35 sshd on
#service sshd restart
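How the hosts.deny rule above is matched, as an added example that is not part of the original answer: it implements only a subset of hosts_access(5) (ALL, EXCEPT, ".domain" suffixes, "192.168.0." prefixes), and the function names and client names are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluates a subset of hosts_access(5) syntax (ALL, EXCEPT,
# ".domain" suffixes, "192.168.0." prefixes) against a hosts.deny file.

# match_list NAME PATTERN... -> 0 if NAME matches any pattern
match_list() {
    name=$1; shift
    for pat in "$@"; do
        case $pat in
            ALL) return 0 ;;
            .*)  case $name in *"$pat") return 0 ;; esac ;;  # domain suffix
            *.)  case $name in "$pat"*) return 0 ;; esac ;;  # address prefix
            *)   [ "$name" = "$pat" ] && return 0 ;;
        esac
    done
    return 1
}

# denied DAEMON CLIENT FILE -> 0 if a "daemons : clients" line in FILE matches
denied() {
    daemon=$1; host=$2; file=$3
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        daemons=$(echo "${line%%:*}" | tr ',' ' ')
        clients=${line#*:}; clients=$(echo "${clients%%:*}" | tr ',' ' ')
        match_list "$daemon" $daemons || continue
        case $clients in
            *EXCEPT*) except=${clients#*EXCEPT}; clients=${clients%%EXCEPT*} ;;
            *)        except= ;;
        esac
        if match_list "$host" $clients && ! match_list "$host" $except; then
            return 0
        fi
    done < "$file"
    return 1
}

# Constructed sample file holding the rule from Answer 10.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
printf '%s\n' '# constructed sample' 'sshd:ALL EXCEPT .example.com' > "$SAMPLE"

# CLIENT is the name the wrapper sees; an address with no reverse DNS entry
# never matches a ".example.com" pattern and is therefore denied.
for c in station9.example.com host.cracker.org evil-example.com 192.168.0.9; do
    if denied sshd "$c" "$SAMPLE"; then echo "sshd $c: denied"
    else echo "sshd $c: allowed"; fi
done
```

The same file does nothing for other daemons: `denied vsftpd host.cracker.org "$SAMPLE"` reports no match, which is why Answer 11 needs its own vsftpd line.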
************
QUESTION 11
- Setup a FTP server such that Anonymous access should be enabled only
from .example.com domain
- jane should be able to connect to it from .example.com
- Everyone from .cracker.org should be denied
ANSWER 11
Edit /etc/hosts.deny
vsftpd:ALL EXCEPT .example.com
#chkconfig --level 35 vsftpd on
#service vsftpd restart
To check: /etc/vsftpd/vsftpd.conf
tcp_wrappers=YES since the default is NO
So look if they did this : tcp_wrappers=NO
or the entry is missing
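A check for the condition described above (a hosts.deny rule that vsftpd ignores because tcp_wrappers is NO or missing), as an added example that is not part of the original answer. The function names and sample files are constructed, and it assumes the last uncommented tcp_wrappers= line is the effective one.

```shell
#!/bin/sh
# Added example: checks whether a hosts.deny rule for vsftpd is actually enforced.

# wrappers_setting CONF -> prints YES, NO or MISSING.
# Assumption: the last uncommented tcp_wrappers= line is the effective one;
# any value other than YES/yes is reported as NO (a simplification).
wrappers_setting() {
    val=$(sed -n 's/^tcp_wrappers=\([A-Za-z]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    case $val in
        [Yy][Ee][Ss]) echo YES ;;
        '')           echo MISSING ;;
        *)            echo NO ;;
    esac
}

# has_ftp_rule FILE -> 0 if a hosts.deny style line names vsftpd or ALL as daemon
has_ftp_rule() {
    awk -F: '!/^[ \t]*#/ && NF > 1 {
                 n = split($1, d, /[ ,\t]+/)
                 for (i = 1; i <= n; i++) if (d[i] == "vsftpd" || d[i] == "ALL") hit = 1
             }
             END { exit !hit }' "$1"
}

# ftp_acl_enforced CONF DENYFILE -> 0 only when both conditions hold
ftp_acl_enforced() {
    has_ftp_rule "$2" || { echo "no vsftpd rule in hosts.deny"; return 1; }
    setting=$(wrappers_setting "$1")
    case $setting in
        YES) echo "enforced" ;;
        *)   echo "tcp_wrappers is $setting: hosts.deny is ignored"; return 1 ;;
    esac
}

# Constructed sample files (not from a real host).
DIR=$(mktemp -d); trap 'rm -rf "$DIR"' EXIT
printf '%s\n' 'vsftpd:ALL EXCEPT .example.com' > "$DIR/hosts.deny"
printf '%s\n' 'anonymous_enable=YES' 'tcp_wrappers=YES' > "$DIR/good.conf"
printf '%s\n' 'anonymous_enable=YES' '#tcp_wrappers=YES' > "$DIR/missing.conf"
printf '%s\n' 'tcp_wrappers=YES' 'tcp_wrappers=NO' > "$DIR/off.conf"

for f in good missing off; do
    printf '%s: ' "$f.conf"
    ftp_acl_enforced "$DIR/$f.conf" "$DIR/hosts.deny" || true
done
```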
************
QUESTION 12
- Setup a POP3 server such that eric can connect to it and collect his
- Only accessible by hosts on the .example.com domain
ANSWER 12
iptables -A INPUT -p tcp --dport 110 -s ! 192.168.0.0/24 -d 192.168.0.X -j REJECT
service iptables save
service iptables restart
chkconfig --level 35 iptables on
To check
iptables -L
************
QUESTION 13
- Setup a SMTP server
- john's mails should be spooled to /var/mail/spool/john
- Your server should accept mails from remote networks [internet]
ANSWER 13
a. Edit /etc/mail/sendmail.mc
Find this line :
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
add the word dnl to the beginning so it looks like this :
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl <--- change to your fully qualified domain name
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# chkconfig --level 35 sendmail on
# service sendmail restart
mail -vs "hai" john@localhost.localdomain
b. john's mails should be spooled to /var/mail/spool/john
Nothing to do. This is done by default by sendmail*
*************
QUESTION 14
- Setup a mail server such that all the mails to sysadmin should be received by john.
ANSWER 14
Note by me :-
- In the above all exercises we never created a user called sysadmin
We only created a group called sysadmin
- So create a user called - sysadmin - now
# useradd -g sysadmin sysadmin
- Edit the file /etc/aliases and append the following line :
sysadmin: john
- # chkconfig --level 35 sendmail on
- # newaliases or service sendmail restart
*************
QUESTION 15
- Create a website same as your hostname [stationX here]
- cp ftp://server1/pub/station.html to your document root and
rename it as index.html
(Resolution is provided by the central dns server installed by the
examiner)
ANSWER 15
- vi /etc/httpd/conf/httpd.conf
- ServerName stationX.example.com
- NameVirtualHost stationX.example.com
<VirtualHost stationX.example.com>
ServerAdmin webmaster@stationX.example.com
DocumentRoot /var/www/html
ServerName stationX.example.com
ErrorLog logs/stationX.example.com-error_log
CustomLog logs/stationX.example.com-access_log common
</VirtualHost>
- # chkconfig --level 35 httpd on
- # service httpd restart
- # httpd -t
- # elinks http://stationX.example.com
and you should see your home page : station.example.com
or whatever is in index.html
************
QUESTION 16
- Create a samba share /data
- john should be able to only read the contents of /data
- john can be asked for authentication
- Workgroup should be set to EXAMPLE
- The share - data - should be accessible only from .example.com
- The share should be browseable
- Here the password for john will be "password"
ANSWER 16
- Edit /etc/samba/smb.conf
[global]
workgroup=EXAMPLE
encrypt passwords=yes
[data]
path=/data
browseable=yes
read list=john
hosts allow=.example.com (or)192.168.0.
- # chkconfig --level 35 smb on
- # service smb restart
- # testparm
- # smbpasswd -a john
> password
- # smbclient -L stationX/data -U john
- # smbclient //stationX/data -U john
> password
smb: \> ls
===============================================================
RHCE PART [30%] Any 2 Additional
===============================================================
***********
QUESTION 17
- Create an encapsulated SSL imap server {IMAPS}.
- Create an IMAP certificate for your hostname
- In [CN], put stationX.example.com
ANSWER 17
Install the dovecot rpm
- chkconfig dovecot on
- chkconfig --level 35 dovecot on
vi /etc/dovecot.conf
and enable the protocols: imap pop3 imaps pop3s
-- cd /etc/pki/tls/certs
- make dovecot.pem
- At that time put stationX.example.com
(or)
make -C /etc/pki/tls/certs dovecot.pem
service dovecot restart
chkconfig --level 35 dovecot on
mutt -f imaps://username@stationX.example.com
***********
QUESTION 18
- Extend your webserver to host a virtual site www9.example.com;
the document root should be /data/www/
- Here www(X) refers to your station number [stationX]
- cp ftp://server1/pub/www.html to its document root as index.html
- john should be able to write contents to /data/www/
- Resolution of the above VirtualHost is being provided by the central DNS
server installed by the examiner.
ANSWER 18
NameVirtualHost stationX.example.com
<VirtualHost stationX.example.com>
ServerAdmin webmaster@stationX.example.com
DocumentRoot /var/www/html
ServerName stationX.example.com
ErrorLog logs/stationX.example.com-error_log
CustomLog logs/stationX.example.com-access_log common
</VirtualHost>
<VirtualHost wwwX.example.com>
ServerAdmin webmaster@wwwX.example.com
DocumentRoot /data/www
ServerName wwwX.example.com
ErrorLog logs/wwwX.example.com-error_log
CustomLog logs/wwwX.example.com-access_log common
</VirtualHost>
- # chkconfig --level 35 httpd on
- # service httpd restart
- # httpd -t
- # elinks http://wwwX.example.com
and you should see your home page : www.example.com
**************
QUESTION 19
- Create a web proxy server which should service all hosts on
.example.com domain & listens on port 8080. (SQUID proxy server)
ANSWER 19
- Edit /etc/squid/squid.conf
- search for the string 3128 and replace it with 8080
acl proxy1 src 192.168.0.0/24
http_access allow proxy1
http_access deny all
visible_hostname <your hostname >
cache_mem 8 MB
- chkconfig --level 35 squid on
- service squid restart
Note by me :-
1) All the services should be available even after reboot. Thus make
sure u have enabled reqd. services in ntsysv. Otherwise no marks will be
provided for that.
(For e.g.: Suppose u forget to tick sshd server in ntsysv even though
u have set it up properly, starting the service by hand is not valid.)
2) Only providing the above services is not important; security of
each service has to be taken care of, otherwise no marks will be provided
if the service is accessible to those who are not intended to have it.
AT THE END I HAVE FOLLOWING SERVICES TICKED IN NTSYSV IN RUNLEVEL 3.
sshd,portmap,netfs,nfs,ypbind,crond,anacrond,echo,squid,sendmail,network,ipop3,vsftpd,imaps,samba,httpd,keytable,random,xinetd,lpd,ip4,
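One way to check point 1 of the note above without clicking through ntsysv, as an added example that is not part of the original notes: it reads `chkconfig --list` style output and reports which required services would not start after a reboot. The function names and the sample listing are constructed.

```shell
#!/bin/sh
# Added example: reports required services that would not come up after a reboot,
# reading `chkconfig --list` style output on stdin.

# boot_gaps SERVICE... -> prints "name: reason" per gap; returns 1 if any gap
boot_gaps() {
    awk -v want="$*" '
        NF == 8 && $2 ~ /^0:/ {        # name 0:.. 1:.. 2:.. 3:.. 4:.. 5:.. 6:..
            state[$1] = ($5 == "3:on" && $7 == "5:on") ? "" : "not on in runlevels 3 and 5"
            seen[$1] = 1
        }
        NF == 2 && $1 ~ /:$/ {         # xinetd section: "name:  on|off"
            name = substr($1, 1, length($1) - 1)
            state[name] = ($2 == "on") ? "" : "disabled under xinetd"
            seen[name] = 1
        }
        END {
            n = split(want, req, " ")
            for (i = 1; i <= n; i++) {
                s = req[i]
                if (!(s in seen))        { print s ": not registered with chkconfig"; bad = 1 }
                else if (state[s] != "") { print s ": " state[s]; bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed sample of `chkconfig --list` output (not from a real host).
sample_list() {
    cat <<'EOF'
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
sshd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
squid           0:off   1:off   2:off   3:on    4:off   5:off   6:off

xinetd based services:
        ipop3:          on
        imaps:          off
EOF
}

sample_list | boot_gaps sshd httpd crond squid vsftpd ipop3 imaps || echo "gaps found"
```

On a live system the input would come from `chkconfig --list | boot_gaps sshd nfs httpd` with the services the paper asked for.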
BEST OF LUCK TO YOU ALL !!!!!!!!!!!!!!
1.To configure NTP(Network time protocol)
Answer: system-config-date
To select tab for network time ---add 192.168.0.254 –Advanced –to select Syn