
Preliminary things to do before taking the Exam.

1. Log in to single-user mode, disable SELinux, reset the root password and reboot the machine
2. Check for Account expiry information
3. Disable Firewall setting
4. Configure IP address and Hostname.

Start the Virtual Machine
On Boot time, Press any key
Press "e" for edit
Go to the 2nd line, i.e. select the kernel line <Kernel/Vmlinuz....>, and press "e"
At the end of the kernel line press space and 1 then press enter
press "b" for boot
This will take you to the single user mode

OR

On Boot time, Press any key
Simply press "a" for Advanced Kernel Arguments
At the end of the kernel line press space and 1 then press enter
This will take you to the single user mode

#getenforce -- To check whether SELinux is enabled or disabled
#setenforce 0 -- To stop SELinux enforcement (permissive mode)
#getenforce -- It should show you "Permissive"
#passwd -- Change root password (Set the password according to the instructions given)
#chage -l root -- To check the account expiry information
#chage -E never root -- To set the account expiry to never
#reboot -- To boot the system into graphical mode.

After reboot, open a terminal from Applications --> System Tools --> Terminal
(as right click will not work)

#iptables -L -- To check the Firewall configurations
#iptables -F -- To Flush the firewall settings
#service iptables save
#service iptables restart
#chkconfig iptables on

Now the system is on DHCP Networking:
Please run the ifconfig command and check whether eth0 has an IP address or not.
If it does not, please follow the procedure below to enable DHCP.
#system-config-network
In this wizard, check the DHCP option, then Save and quit.
#service network restart
#chkconfig network on

OR

Use "setup" command

OR
Graphical Interface
System --> Preferences --> Network Connections

Please check these things, no need to modify anything, as system is running on DHCP.

#vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=server1.example.com
:wq!
#service network restart
#chkconfig network on

#vi /etc/resolv.conf
search example.com
nameserver 192.168.0.254 -- <DNS IP>

To verify these settings

#ifconfig -- check eth0 has IPAddress
#ping localhost
#hostname
#dig -x 192.168.0.254 -- <DNS IP>


1. Enable SELinux

Answer:

#getenforce
Enforcing
#vim /etc/sysconfig/selinux
SELINUX=enforcing
SELINUXTYPE=targeted

2. Enable IP forwarding on your virtual machine.

Answer:
#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
:wq!
To Verify:
#sysctl -p

3. Configure FTP access on your system:
Clients within the domain70.example.com domain should have anonymous FTP access to your machine
Clients outside domain70.example.com should NOT have access to your FTP service

Answer:
#yum install vsftpd* ftp*
#service vsftpd restart
#chkconfig vsftpd on
#ifconfig -- Check your IP address
#ftp 192.168.0.106 -- Check whether ftp is accessible on your IP
Username: anonymous
Password : -null-
ftp> bye -- Up to this point everyone can access your machine over ftp.
#vim /etc/hosts.deny -- Using TCP wrappers you are denying all other domains access to ftp.
vsftpd: ALL EXCEPT 192.168.0.0/255.255.255.0 -- domain70.example.com ip
:wq!
#service vsftpd restart

To verify:
#ssh 192.168.1.0 -- Log in to a cracker.org machine, because it is outside your domain.
#ftp 192.168.0.106 -- From there, try ftp to your machine.
You do not have a permission to use this program.


4. Set cron job:
Set cron service such that it can't be accessible by mike

Answer:
# vim /etc/cron.deny
mike
:wq!
#service crond restart
#chkconfig crond on

To Verify:
#su mike
$crontab -e
You are not allowed to use this program.









5. Configure SSH access as follows:
natasha has remote SSH access to your machine from within domain70.example.com
Clients within cracker.org should NOT have access to ssh on your system

Answer:
#yum install openssh-server
#service sshd restart
#chkconfig sshd on
#vim /etc/hosts.deny -- Using TCP wrappers you are denying the cracker.org domain access to ssh.
sshd: 192.168.1.0/255.255.255.0
:wq!
#service sshd restart
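
The two hosts.deny rules from tasks 3 and 5, evaluated against sample client addresses. This is an added example, not part of the original answers; the function names and the probe addresses 192.168.0.50 and 192.168.1.10 are assumptions, and it assumes no entry in /etc/hosts.allow matches first.

```shell
#!/bin/sh
# Added example: how tcpd would read the hosts.deny lines from tasks 3 and 5.
# Assumption: /etc/hosts.allow has no matching entry (it is consulted first).
HOSTS_DENY='vsftpd: ALL EXCEPT 192.168.0.0/255.255.255.0
sshd: 192.168.1.0/255.255.255.0'

# Dotted quad -> 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# One client pattern: ALL, net/mask (ip AND mask == net), or a literal address.
match_pattern() {   # $1 = pattern, $2 = client IP
    local net mask
    case "$1" in
        ALL) return 0 ;;
        */*) net=${1%/*}; mask=${1#*/}
             [ $(( $(ip2int "$2") & $(ip2int "$mask") )) -eq "$(ip2int "$net")" ] ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# "list_1 EXCEPT list_2": list_1 must match and list_2 must not.
match_clients() {   # $1 = client list, $2 = client IP
    local left right p
    left="${1%% EXCEPT *}"; right=""
    if [ "$left" != "$1" ]; then right="${1#* EXCEPT }"; fi
    for p in $right; do if match_pattern "$p" "$2"; then return 1; fi; done
    for p in $left;  do if match_pattern "$p" "$2"; then return 0; fi; done
    return 1
}

# Exit status 0 = denied: a hosts.deny rule for this daemon matches the client.
is_denied() {       # $1 = daemon, $2 = client IP
    local daemon clients
    while IFS=': ' read -r daemon clients; do
        if [ "$daemon" = "$1" ] && match_clients "$clients" "$2"; then return 0; fi
    done <<EOF
$HOSTS_DENY
EOF
    return 1
}

# Constructed probes: one client inside 192.168.0.0/24, one in 192.168.1.0/24.
for probe in "vsftpd 192.168.0.50" "vsftpd 192.168.1.10" "sshd 192.168.0.50" "sshd 192.168.1.10"; do
    if is_denied $probe; then echo "$probe -> denied"; else echo "$probe -> allowed"; fi
done
```

The vsftpd rule denies every client outside 192.168.0.0/24, while the sshd rule denies only 192.168.1.0/24, so ssh from any third network is still accepted.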

6. Share the /common directory via SMB
Your SMB server must be a member of the STAFF workgroup
The share's name must be common
The common share must be available to domain70.example.com domain clients only
The common share must be browsable
natasha must have read access to the share authenticating with the password smbposrroll if necessary.

Answer:
#yum install samba
#mkdir /common
#vim /etc/samba/smb.conf
:set nu
Line 74: workgroup = STAFF
<shift +g > come to last line
Copy last 7 lines and paste
[common]
; comment = Common Stuff
path = /common
public = yes
writable = no
browseable = yes
valid users = Natasha
hosts allow = 192.168.0.
; printable = no
; write list = +staff
:wq!
#service smb restart
#chkconfig smb on
#testparm
#smbpasswd Natasha
Password:
Reenter password:


To Verify:
#ifconfig -- Note Down your IP
#smbclient //192.168.0.106/common -U Natasha
smbpassword:
Domain=[STAFF] OS=[UNIX] Server=[Samba 3.5.4-68.el6]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME -- You get this error
#ls -ldZ /common
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /common
#chcon -R -t samba_share_t /common
#ls -ldZ /common
drwxr-xr-x. root root unconfined_u:object_r:samba_share_t:s0 /common
#smbclient //192.168.0.106/common -U Natasha
smbpassword:
Domain=[STAFF] OS=[UNIX] Server=[Samba 3.5.4-68.el6]
Smb: \>quit
#

7. Implement a web server for the site http://station.domain70.example.com, then perform the
following steps:
Download ftp://server1.domain70.example.com/pub/rhce/station.html
Rename the downloaded file to index.html
Copy this index.html to the Document root of your web server
DO NOT make any modifications to the content of index.html

Answer:
#yum install httpd
#cd /var/www/html
#wget ftp://server1.domain70.example.com/pub/rhce/station.html
#ls
#mv station.html index.html
#vim /etc/httpd/conf/httpd.conf
:set nu
Line 990: NameVirtualHost 192.168.0.1:80 -- Your ip:port number
<shift+g> come to last line
Copy last 7 lines 7yy and paste p
<VirtualHost 192.168.0.1:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html
ServerName station.domain70.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
:wq!
#httpd -t
#service httpd restart
#chkconfig httpd on
#elinks station.domain70.example.com

8. Extend your web server to include a virtual host for the site http://www.domain70.example.com,
then perform the following steps:
Set the DocumentRoot to /var/www/virtual
Download ftp://server1.domain70.example.com/pub/rhce/www.html
Rename the downloaded file to index.html
Place this index.html in the Document Root of the virtual host
DO NOT make any modifications to the content of index.html
Ensure natasha is able to create content in /var/www/html
Note: www.domain70.example.com provided by server1.domain70.example.com

Answer:
#mkdir /var/www/virtual
#cd /var/www/virtual
#wget ftp://server1.domain70.example.com/pub/rhce/www.html
#ls
#mv www.html index.html
#ls
#vim /etc/httpd/conf/httpd.conf
:set nu
<shift+g> Come to last line
Copy last 7 lines 7yy and paste
<VirtualHost 192.168.0.1:80> -- your ip:portnumber
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/virtual
ServerName www.domain70.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
:wq!
#httpd -t
#service httpd restart
#chkconfig httpd on
#setfacl -m u:natasha:rwx /var/www/virtual

To Verify:
#elinks http://www.domain70.example.com

9. Export your /common directory via NFS to the domain70.example.com domain only

Answer:
# yum install nfs-utils
# vim /etc/exports
/common 192.168.0.0/255.255.255.0(ro,sync)
:wq!
#service nfs restart
#chkconfig nfs on
#exportfs -- Verify

10. Configure SMTP mail service according to the following requirements:
Your mail server should accept mail from remote hosts and localhost
natasha must be able to receive mail from remote hosts
Mail delivered to natasha should spool into the default mail spool for natasha, /var/spool/mail/natasha

Answer:
#yum install postfix
#vim /etc/postfix/main.cf
:set nu
Line 113: inet_interfaces = all -- you need to enable this line by removing #
Line 116: #inet_interfaces = localhost -- you need to disable this line by putting #
:wq!
#service postfix restart
#chkconfig postfix on

To Verify:
#ls -ld /var/spool/mail/natasha

11. Create a directory limited on your DocumentRoot
Download ftp://server1.domain70.example.com/pub/rhce/station.html
Rename the downloaded file to index.html
Copy this index.html file to the limited directory
Make it such that the content of limited can be accessible to the local users only

Answer:
#mkdir -p /var/www/html/limited
#cd /var/www/html/limited
#wget ftp://server1.domain70.example.com/pub/rhce/station.html
#ls
#mv station.html index.html
#vim /etc/httpd/conf/httpd.conf
:set nu
<shift+g> come to last line
Copy last 7 lines 7yy and paste p
<VirtualHost 192.168.0.1:80> -- your ip:portnumber
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/virtual
ServerName http://www.domain70.example.com
<Directory /var/www/html/limited>
Order allow,deny
Allow from 192.168.0.1
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</Directory>
</VirtualHost>
:wq!
#httpd -t
SYNTAX OK
#service httpd restart
#chkconfig httpd on
To Verify:
#elinks http://www.domain70.example.com/limited


12. Configure an email alias for your MTA such that mail sent to admin is received by the local user
natasha

Answer:
MTA ---> Mail Transport Agent

# vim /etc/aliases
:set nu
<shift +g> come to last line and add the following line
root: natasha
:wq!
#newaliases

To Verify:
# mail root@localhost
Subject: XYZ
Content: ABCEDEFG ^d

#su natasha
$mail
Yes you have a mail.

13. Using iscsi, discover and mount a device shared by host.domain70.example.com
Create an iscsi storage device of 1100MB size
Download ftp://server1.domain70.example.com/pub/rhce/iscsi.txt and copy it to the iscsi device
Mount the device permanently under /mnt/data as ext4 file system

Answer:
#yum install iscsi*
#iscsiadm -m discovery -t st -p instructor.example.com
Starting iscsi id [OK]
192.168.0 iqn.2012-09.com.example:rdisks server6
#iscsiadm -m node -T iqn.2012-09.com.example:rdisks server6 -p 192.168.0.254 -l
#fdisk -l
#fdisk -cu /dev/sda
:p -- print
:n -- create new partition
:p -- primary partition
:1 -- partition number 1
: -- first cylinder : default press enter
:+1100M last cylinder value
:p -- print
:w -- save

#partprobe
#mkfs.ext4 /dev/sda1
#mkdir /mnt/data
#vim /etc/fstab
/dev/sda1 /mnt/data ext4 defaults 0 0
:wq!
#mount -a
#df -h

14. Configure kernel such that kernstack value is 1, kernel line should display the edited string in
/proc/cmdline.

Answer:
#vim /etc/grub.conf
Go to the end of the kernel line (<shift+a> takes you to the end of the line) and type kernstack=1 at
the end of the line, as shown below.
kernel /vmlinuz-2.6.32-71.el6.i686 ro root=/dev/mapper/vg_instructor-< > rhgb quiet kernstack=1
:wq!
# cat /proc/cmdline -- It will not show , reboot is necessary
# reboot
# cat /proc/cmdline -- It will show now.

15. Mount the image file /root/dvd.iso under /mnt/dvd so that it automatically mounts when the
system is rebooting.

Answer:
#cd
#ls
#mkdir /mnt/dvd
#vim /etc/fstab
/root/dvd.iso /mnt/dvd iso9660 ro,loop,auto 0 0
:wq!
#mount -a
#df -h

16. Write a script /root/bar.sh such that when we execute /root/bar.sh Python it displays Perl and
when we execute /root/bar.sh Perl it displays Python, and when we type some other character,
/root/bar.sh Perl \ Python is directed to stderr.

Answer:
#vim /root/bar.sh
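#!/bin/bash
# Take the word from the first argument (lower-cased), not from stdin
a=${1,,}

if [ "$a" == python ]
then
echo perl
elif [ "$a" == perl ]
then
echo python
else
# Quote the string so | is not treated as a pipe, and send it to stderr
echo "/root/bar.sh python|perl" >&2
fi
:wq!
#chmod 755 /root/bar.sh
#/root/bar.sh Python -- To Verify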
