
RHCSA EXAM

RHEL7
We need to configure the system before starting the actual exam, with the following
prerequisites:

YOU HAVE ONE SYSTEM WITH ONE VIRTUAL SYSTEM BUILT IN

PACKET FILTERING SHOULD NOT AFFECT THE NETWORK INTEGRITY. USE THE
STATIC IP:

- IP ADDRESS OF desktopX - 172.25.X.10 and serverX - 172.25.X.11, "X" refers
to your system no.
- NETMASK - 255.255.255.0
- GATEWAY - 172.25.X.254
- PRIMARY DNS - 172.25.254.254
- HOSTNAME - serverX.example.com and desktop, "X" refers to your
system no.
- DOMAIN NAME - example.com

YUM BASEURL IS baseurl=http://172.25.254.254/rhel7.0/x86_64/dvd.

The "root" user's password should be redhatRHCSA

Note: Either iptables or firewalld can be used to clear the exam; in this mock paper
iptables has been used.

I) Breaking the root password.


Ans : Reboot the exam VM and bring the system to the GRUB menu. Press 'e' to edit the
entry, add the words rd.break console=tty1 at the end of the linux16 line, and press
Ctrl+x or F10 to boot. The system boots to a prompt; type the following commands:
a) # mount -o remount,rw /sysroot
b) # chroot /sysroot
c) # passwd root ( Enter the new password as prompted )
d) # touch /.autorelabel
e) # init 6 or reboot ( this will reboot the system )

II. Set up the network settings such as hostname, IP address, DNS etc. with
the single TUI-based command
Ans = # nmtui ( press the Enter key and follow the procedure )
# init 6 and then check the network settings

III. Setup the yum Client


Ans = # vim /etc/yum.repos.d/yum.repo ( create this new file; the name can be
anything, but the extension must be .repo; add the following lines )
[RHEL7]
baseurl=<provide the url as mention in the exam paper>
gpgcheck=0
enabled=1
:wq!

# yum clean all


# yum repolist
# yum install ksh -y
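
Added example (not part of the original answer): with gpgcheck=0, yum installs packages without verifying their signatures, so this script lists the repo sections configured that way and compares the exam file with a signature-checked variant. The function name audit_repo, both sample files and the use of the Red Hat release key path as gpgkey are assumptions.

```shell
# Added example: list enabled yum repo sections that install packages
# without GPG signature checks. Both sample files are constructed.
# audit_repo FILE -> prints one "section: finding" line per such section
audit_repo() {
    awk '
        function report(   msg) {
            if (sec == "" || enabled == "0" || gpg != "off") return
            msg = sec ": gpgcheck disabled"
            if (url ~ /^(http|ftp):/) msg = msg ", packages fetched over plaintext"
            print msg
        }
        /^[ \t]*\[/ {                        # new [section]: report the previous one
            report()
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            gpg = ""; url = ""; enabled = "1"
            next
        }
        /=/ {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck" && val ~ /^(0|no|false)$/) gpg = "off"
            if (key == "baseurl") url = val
            if (key == "enabled") enabled = val
        }
        END { report() }
    ' "$1"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/exam.repo" <<'EOF'
[RHEL7]
baseurl=http://172.25.254.254/rhel7.0/x86_64/dvd
gpgcheck=0
enabled=1
EOF
# Assumption: packages are signed with the Red Hat release key shipped on RHEL 7.
cat > "$tmp/hardened.repo" <<'EOF'
[RHEL7]
name=RHEL 7 exam repository
baseurl=http://172.25.254.254/rhel7.0/x86_64/dvd
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
EOF

audit_repo "$tmp/exam.repo"        # flags RHEL7
audit_repo "$tmp/hardened.repo"    # prints nothing
```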

Then click on the question tab and follow the questions.

1. Create the following users, groups and group memberships:

- Create a group named sysadmin

- A user saara who belongs to sysadmin as a secondary group.

- A user Natasha who also belongs to sysadmin as a secondary group.

- A user harry who does not have access to an interactive shell on the system, and
who is not a member of sysadmin.

- Saara, Natasha and harry should all have the password of avaster.

Ans: a) groupadd sysadmin

# useradd -G sysadmin saara

# useradd -G sysadmin natasha

# useradd -s /sbin/nologin harry

# passwd saara

# passwd natasha

# passwd harry

-----------------------------------------------------------------------------------------------------------------
------------
2. Create a collaborative directory /shared/sysadmin with the following characteristics:

- Group ownership of /shared/sysadmin is sysadmin.

- The directory should be readable, writable and accessible to members of
sysadmin, but not to any other user. (It is understood that root has access to all files
and directories on the system.)

- Files created in /shared/sysadmin automatically have group ownership set to the
sysadmin group.

Ans: # mkdir -p /shared/sysadmin

# chgrp sysadmin /shared/sysadmin

# chmod g+rwx,o= /shared/sysadmin

or

# chmod 770 /shared/sysadmin

# chmod g+s /shared/sysadmin
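
Added example, not from the original paper: a check that a directory meets the three requirements of task 2 (group owner, mode 770 and the setgid bit). check_collab_dir is a hypothetical helper; it assumes GNU stat and is demonstrated on a constructed scratch directory so that it runs without root.

```shell
# Added example: verify the three requirements of task 2 on a directory.
# Assumes GNU stat (as on RHEL 7). The demo uses a scratch directory
# (constructed) instead of /shared/sysadmin, so no root is needed.

# check_collab_dir DIR GROUP -> prints a finding, returns non-zero on failure
check_collab_dir() {
    dir=$1; want=$2
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    grp=$(stat -c %G "$dir")
    mode=$(stat -c %a "$dir")
    [ "$grp" = "$want" ] || { echo "group is $grp, expected $want"; return 1; }
    case $mode in
        2770) ;;
        770)  echo "mode 770: setgid missing, new files keep the creator's primary group"
              return 1 ;;
        *)    echo "mode $mode: expected 2770"; return 1 ;;
    esac
    # Confirm inheritance by actually creating a file in the directory.
    probe=$(mktemp "$dir/probe.XXXXXX") || return 1
    fgid=$(stat -c %g "$probe"); rm -f "$probe"
    [ "$fgid" = "$(stat -c %g "$dir")" ] || { echo "new file got gid $fgid"; return 1; }
    echo "ok"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
demo_group=$(stat -c %G "$demo")

chmod 770 "$demo"
check_collab_dir "$demo" "$demo_group" || true   # reports the missing setgid bit
chmod g+s "$demo"
check_collab_dir "$demo" "$demo_group"           # ok
```

On the exam system the call would be check_collab_dir /shared/sysadmin sysadmin, run as root.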

-----------------------------------------------------------------------------------------------------------------
------------

3. Install the appropriate kernel update from ftp://instructor.example.com/ftpupdates. The
following must also be met:

- The updated kernel is the default kernel when the system is rebooted.

- The original kernel remains available and bootable on the system.

Ans: Edit the yum repo file and add the new baseurl below the current URL, save the
file, and run:

# yum clean all

# yum update kernel* -y ( this installs the new kernel without modifying the
existing kernel and automatically updates the grub file as well )

Check the grub file and reboot the system; the new kernel entry will appear in the grub
menu as the default boot entry. Allow it to boot.
-----------------------------------------------------------------------------------------------------------------
------------

4. Enable IP forwarding.

Ans # sysctl -A | grep ip_forward

copy the output and paste under the following file

# vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

# sysctl -p

-----------------------------------------------------------------------------------------------------------------
-----------

5. The user saara must configure a cron job that runs daily at 15:25 local time and
executes /bin/echo hello.

Ans: # su saara

$ crontab -e

25 15 * * * echo hello

-----------------------------------------------------------------------------------------------------------------
------------

6. Resize the Lvm so that it should be in between 400MB to 450MB.

(or) 130MB to 150MB.

Ans: # lvs

a) # lvextend -L 250 -r /dev/vgname/lvname { assume lv size is 200M then}


b) Assume the lv size is 200M, then

# umount /mountpoint

# e2fsck -f /dev/vgname/lvname

# xfs_repair -f /dev/vgname/lvname

# resize2fs -f /dev/vgname/lvname 150M

# lvreduce -L 150M /dev/vgname/lvname

# mount /dev/vgname/lvname /mountpoint

# df -h

# blkid /dev/vgname/lvname

# vim /etc/fstab

-----------------------------------------------------------------------------------------------------------------
------------

7. Bind the LDAP for user authentication. Note the following:

- dc=example,dc=com

- Ldap path ldap://classroom.example.com/

- Download the certificate from http://classroom.example.com/pub/EXAMPLE-CA-CERT

- ldapuserx should be able to log into your system, where x is your station number,
but will not have a home directory until you have completed the autofs
requirement.

Ans: # yum install system-config-authentication krb5* authconfig-gtk* pam* nss* -y

# system-config-authentication

select: LDAP authentication

LDAP search base DN: dc=example,dc=com

LDAP server: ldap://classroom.example.com/


check the TLS

click on to: download certificate

http://classroom.example.com/pub/EXAMPLE-CA-CERT

# getent passwd ldapuser1

# su ldapuser1

$ exit

# grep ldapuser1 /etc/passwd

# getent passwd ldapuser1

-----------------------------------------------------------------------------------------------------------------
------------

8. Configure autofs to automount the home directories of LDAP users. Note the
following:

- instructor.example.com (192.168.0.254) NFS-exports /home/guests to your
system, where x is your station IP.

- ldapuserx's home directory is instructor.example.com:/home/guests/ldapuserx

- ldapuserx's home directory should be automounted locally beneath /home as
/home/ldapuserx.

- Home directories must be writable by their users.

- While you are able to log in as any of the users ldapuser1 through ldapuser20, the
only home directory that is accessible from your system is ldapuserx.

Ans: # yum install autofs -y

# vim /etc/auto.master
/home/guests /etc/auto.guests

:wq!

# vim /etc/auto.guests

* -rw classroom.example.com:/home/guests/&

:wq!

# service autofs restart

# service autofs reload

# su ldapuser1

$ touch f1 f2 f3

-----------------------------------------------------------------------------------------------------------------
------------

9. Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so
that:

- The file /var/tmp/fstab is owned by the root user.

- The file /var/tmp/fstab belongs to the group root.

- The file /var/tmp/fstab should not be executable by anyone.

- The user saara is able to read and write /var/tmp/fstab.

- The user Natasha can neither write nor read /var/tmp/fstab.

- All other users (current and future) have the ability to read /var/tmp/fstab.

Ans: # cp /etc/fstab /var/tmp/

# chown root /var/tmp/fstab

# chgrp root /var/tmp/fstab

# chmod a-x /var/tmp/fstab

# setfacl -m u:saara:rw- /var/tmp/fstab

# setfacl -m u:natasha:--- /var/tmp/fstab

# setfacl -m o::r-- /var/tmp/fstab
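
Added example, not from the original paper: the order in which ACL entries are evaluated, which is why natasha is denied although "other" may read the file. acl_effective and sample_acl are hypothetical names, the getfacl output is constructed to match the commands above, and the group memberships passed on the command line are assumptions.

```shell
# Added example: which ACL entry decides a user's access? POSIX ACLs are
# checked in order owner, named user, group class, other; first match wins.
# acl_effective USER [GROUP...] < getfacl-output  -> prints e.g. "rw-"
# (for the group class: the per-bit union of the matching entries)
acl_effective() {
    user=$1; shift
    awk -v user="$user" -v groups=" $* " '
        function add(acc, p,   i, c, o) {    # OR entry p, capped by mask::, into acc
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                if (mask != "" && substr(mask, i, 1) != c) c = "-"
                o = o (c != "-" ? c : substr(acc, i, 1))
            }
            return o
        }
        /^# owner:/ { owner = $3 }
        /^# group:/ { ogroup = $3 }
        /^(user|group|mask|other):/ {
            split($1, f, ":")                # tag : qualifier : perms
            if (f[1] == "mask") mask = f[3]
            else acl[f[1] ":" f[2]] = f[3]
        }
        END {
            if (user == owner)         { print acl["user:"]; exit }
            if (("user:" user) in acl) { print add("---", acl["user:" user]); exit }
            g = "---"
            for (k in acl) {
                if (k !~ /^group:/) continue
                name = (k == "group:") ? ogroup : substr(k, 7)
                if (index(groups, " " name " ")) { g = add(g, acl[k]); hit = 1 }
            }
            print (hit ? g : acl["other:"])
        }'
}
# Constructed getfacl output for /var/tmp/fstab after the commands in answer 9.
sample_acl() {
    cat <<'EOF'
# owner: root
# group: root
user::rw-
user:saara:rw-
user:natasha:---
group::r--
mask::rw-
other::r--
EOF
}

sample_acl | acl_effective natasha users   # "---": her named entry wins over other::r--
```

The result describes ordinary users only; root bypasses these checks, as the task itself notes for directories.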


-----------------------------------------------------------------------------------------------------------------
------------

10. Configure your system so that it is an NTP client of instructor.example.com

Ans: # yum install system-config-date -y

# system-config-date

click network time protocol

check Enable network Time Protocol

add: instructor.example.com

click: advanced options

click: synchronize system clock before starting service

to check

# chronyc sources -v

-----------------------------------------------------------------------------------------------------------------
------------

11. Configure SSH access as follows:

- Natasha has remote SSH access to your machine from within example.com

- Clients within remote.test should NOT have access to ssh on your system.

Ans: a) # yum install openssh-server -y

# vim /etc/ssh/sshd_config

# Authentication:

AllowUsers natasha ( add this line )

b) iptables -F

iptables -F -t nat

service iptables save

iptables -A INPUT -s <remote.test network add> -p tcp --dport 22 -j REJECT
service iptables save

-----------------------------------------------------------------------------------------------------------------
------------

12. Configure FTP access on your system:

- Clients within the example.com domain should have anonymous FTP access to
your machine.

- Clients outside example.com should NOT have access to your FTP service.

Ans: a) # yum install vsftpd

# service vsftpd restart

# chkconfig vsftpd on

# iptables -A INPUT ! -s <n/w add of example.com> -p tcp --dport 21 -j REJECT

# service iptables save

-----------------------------------------------------------------------------------------------------------------
------------

13. Implement a web server for the site http://serverX.example.com , then perform the
following steps:

- Download ftp://instructor.example.com/ftpupdates/main.html

- Rename the downloaded file to index.html

- Copy the main.html to the Document Root of your web server.

- Do not make any modifications to the content of main.html.

Ans: # yum install httpd -y

# wget ftp://instructor.example.com/ftpupdates/main.html

# mv main.html index.html

# cp index.html /var/www/html

# service httpd restart

# chkconfig httpd on
-----------------------------------------------------------------------------------------------------------------
------------

14. Create a user deal with userid 2015.

Ans: # useradd -u 2015 deal

-----------------------------------------------------------------------------------------------------------------
------------

15. Create a Logical Volume with the name database by using 25 PEs from the group
datastore of 50 PEs.

(OR)

Create a Logical Volume with the name database by using 25 extents from the
group datastore of 50 extents. Consider the PE size as 8 MB, and mount it under /datadb.

Ans: a) # fdisk -cu /dev/vda {create a partition of 200MB and set a id to 8e}

# type 8e

# reboot

# pvcreate /dev/vda5

# vgcreate datastore /dev/vda5

# lvcreate -l 25 -n database /dev/datastore/

# mkfs -t ext4 /dev/datastore/database

# mkdir /database

# mount /dev/datastore/database /database

# df -h

# vim /etc/fstab

/dev/mapper/datastore-database /database ext4 defaults 0 0

b) # fdisk -cu /dev/vda {create a partition of 400MB and set a id to 8e}

# type 8e

# reboot

# pvcreate /dev/vda5
# vgcreate -s 8 datastore /dev/vda5

# lvcreate -l 25 -n database /dev/datastore/

# mkfs -t ext4 /dev/datastore/database

# mkdir /database

# mount /dev/datastore/database /database

# df -h

# vim /etc/fstab

/dev/mapper/datastore-database /database ext4 defaults 0 0

-----------------------------------------------------------------------------------------------------------------
------------

16. Extend the SWAP Space with 512 MB.

Ans: # fdisk -cu /dev/vda {create a partition of 512M and set the id as 82}

# reboot

# mkswap /dev/vda6

# free -m

# swapon /dev/vda6

# free -m

# blkid /dev/vda6

# vim /etc/fstab

-----------------------------------------------------------------------------------------------------------------
------------

17. Search the files created by user deal and redirect the locations to /root/deal

Ans: # mkdir /root/deal

# find / -user deal -exec cp -prf {} /root/deal \;

-----------------------------------------------------------------------------------------------------------------
------------
18. Search the keyword ext4 in /root/anaconda-ks.cfg file and store the lines in order
in /root/ext4

Ans: # grep ext4 /root/anaconda-ks.cfg | sort > /root/ext4

---------------------------------------------------------------------------------------------------------------------
--------

19. Restrict the user natasha from assigning cron jobs

Ans: # vim /etc/cron.deny

natasha

17) Download a data.iso file from instructor.example.com and mount it on /iso and
make it persistent across reboots.

a) iso file path ftp://instructor.example.com/pub/gls/misc/data.iso

Ans: # mount -o loop /root/data.iso /iso

# vim /etc/fstab

/root/data.iso /iso iso9660 loop 0 0

# mount -a
