
0.

ipv4 setup both


0.yum setup
1.selinux
2.ssh
3.command alias
4.ipv6 both
5.teaming
6.port forwarding
7.postfix
8.nfs, mount
9.secure nfs, mount
10.samba
11.samba, multiuser mount
12.apache1
13.apache2
14.apache3
15.apache4
16.apache5
17.iscsi-server
18.iscsi-client
19.mariadb-inst
20.mariadb-queries
21.script-1
22.script-2
======================================
System1, System2 IPs, DNS name is provided in the exam notes, gateway and dns IP is
not mentioned.
Take System1, System2 IPs, DNS name from exam notes, take gateway IP, dns IP from
below command o/p.

nmcli device show eth0


check here the dns, gateway IP addresses and note down

0.ipv4 setup (on system1 and system2)


console of system1:
ip
addr./netmask dgw
nmcli connection modify eth0 ipv4.addresses '172.25.10.11/24 172.25.10.254'

dns-name as in exam notes


nmcli connection modify eth0 ipv4.dns 172.25.10.254 ipv4.dns-search
group10.example.com
nmcli connection modify eth0 ipv4.method manual
nmcli connection modify eth0 connection.autoconnect yes
nmcli connection reload

console of system2:
nmcli connection modify eth0 ipv4.addresses '172.25.10.12/24 172.25.10.254'
nmcli connection modify eth0 ipv4.dns 172.25.10.254 ipv4.dns-search
group10.example.com
nmcli connection modify eth0 ipv4.method manual
nmcli connection modify eth0 connection.autoconnect yes
nmcli connection reload

take ssh login session to system1 and system2 from base-system


ssh -X 172.25.10.11 -l root
ssh -X 172.25.10.12 -l root

0.yum setup
vim /etc/yum.repos.d/exam.repo
[exam]
name=rhel7
baseurl=http://... from exam notes
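gpgcheck=0
### gpgcheck=0 skips RPM signature verification and the baseurl is plain http; keep this repo definition to the exam lab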

1.selinux
vim /etc/selinux/config
SELINUX=enforcing
wq!
sestatus
setenforce 1
getenforce

2.alias
vim /etc/profile.d/custom.sh
alias custom='ps -aux as per question'
wq!
chmod +x /etc/profile.d/custom.sh
source /etc/profile.d/custom.sh
custom

3.ssh
yum install openssh* -y
systemctl start sshd
systemctl enable sshd
vim /etc/hosts.deny
sshd: .my133t.org
wq!
systemctl restart sshd

4.ipv6 both
system1:
nmcli connection modify eth0 ipv6.addresses 'xxx:yyy:zzz/64'
nmcli connection modify eth0 ipv6.method manual
nmcli connection reload
systemctl reboot ##(ssh connection will be lost, ssh again after few minutes
from base-machine)

system2:
nmcli connection modify eth0 ipv6.addresses 'xxx:yyy:zzz:/64'
nmcli connection modify eth0 ipv6.method manual
nmcli connection reload
systemctl reboot ##(ssh connection will be lost, ssh again after few minutes
from base-machine)

5.teaming
system1:
nmcli connection add con-name team0 ifname team0 type team config '{"runner":
{"name": "activebackup"}}'
nmcli connection modify team0 ipv4.addresses '192.168.0.100/24'
nmcli connection modify team0 ipv4.method manual
nmcli connection modify team0 connection.autoconnect yes
nmcli connection add con-name team0-port1 ifname eno1 type team-slave master
team0
nmcli connection add con-name team0-port2 ifname eno2 type team-slave master
team0
nmcli connection reload
nmcli connection up team0
##take two tabs for system1 and system2 and check the ping/ connection status
as below
system1:
tab1: ping -I team0 192.168.0.100
tab2: teamdctl team0 state
nmcli connection down team0-port1
###and check tab1 for continuous pinging
teamdctl team0 state
nmcli connection up team0-port1

teamdctl team0 state

system2:
nmcli connection add con-name team0 ifname team0 type team config '{"runner":
{"name": "activebackup"}}'
nmcli connection modify team0 ipv4.addresses '192.168.0.100/24'
nmcli connection modify team0 ipv4.method manual
nmcli connection modify team0 connection.autoconnect yes
nmcli connection add con-name team0-port1 ifname eno1 type team-slave master
team0
nmcli connection add con-name team0-port2 ifname eno2 type team-slave master
team0
nmcli connection reload
nmcli connection up team0

system2:
tab1: ping -I team0 192.168.0.100
tab2: teamdctl team0 state
nmcli connection down team0-port1
###and check tab1 for continuous pinging
teamdctl team0 state
nmcli connection up team0-port1

teamdctl team0 state

6.port forwarding
firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.25.10.11/24 forward-port port=from-question protocol=tcp to-port=from-question'
firewall-cmd --reload

7. postfix
system1
yum install postfix* -y
systemctl start postfix
systemctl enable postfix
firewall-cmd --permanent --add-service=smtp
firewall-cmd --reload

vim /etc/postfix/main.cf
myhostname = system1.group10.example.com
myorigin = group10.example.com
mydestination =
mynetworks = 127.0.0.0/8, [::1]/128
inet_interfaces = loopback-only
relayhost = [as per question]
local_transport = error:local delivery disabled
systemctl restart postfix

send one or two mails and check mail received in url provided in
question
echo "test1"|mail -s "testing1" user@system1.group10.example.com
###user name as given in question
echo "test1.1"|mail -s "testing1.1" user@localhost

system2
yum install postfix* -y
systemctl start postfix
systemctl enable postfix
firewall-cmd --permanent --add-service=smtp
firewall-cmd --reload

vim /etc/postfix/main.cf
myhostname = system1.group10.example.com
myorigin = group10.example.com
mydestination =
mynetworks = 127.0.0.0/8, [::1]/128
inet_interfaces = loopback-only
relayhost = [as per question]
local_transport = error:local delivery disabled

systemctl restart postfix

send one or two mails and check mail received in url provided in
question
echo "test2"|mail -s "testing2" user@system2.group10.example.com
echo "test2.2"|mail -s "testing2.2" user@localhost

8.nfs, mount
system1:
yum install nfs* -y
mkdir /nfsshare

firewall-cmd --permanent --add-service=nfs


firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpcbind
firewall-cmd --reload
systemctl start nfs-server
systemctl enable nfs-server
chcon -t public_content_t /nfsshare
vim /etc/exports
/nfsshare *.group10.example.com(ro)
wq!
systemctl restart nfs-server
exportfs -rv

system2:
yum install nfs-utils -y
showmount -e 172.25.10.11
mkdir /mnt/share1

vim /etc/fstab
system1.group10.example.com:/nfsshare /mnt/share1 nfs defaults 0 0
wq!
mount -a

9.secure nfs, mount


system1:
systemctl start nfs-secure-server
systemctl enable nfs-secure-server
wget -O /etc/krb5.keytab http://...question
vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
### no spaces around "=": /etc/sysconfig/nfs is read as shell variable assignments
mkdir /nfssecure

mkdir /nfssecure/subdir

semanage fcontext -a -t public_content_rw_t '/nfssecure(/.*)?'


restorecon -vvRF /nfssecure
ls -ldZ /nfssecure
## check for public_content_rw_t context
ls -ldZ /nfssecure/subdir
## check for public_content_rw_t context
getsebool -a|grep nfsd
setsebool -P nfsd_anon_write on
getsebool -a|grep nfsd
### check nfsd_anon_write to be "on"
chown user:user /nfssecure/subdir
### user from question
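chmod 777 /nfssecure
### 777 makes the export root world-writable; if only subdir (owned by the user) has to be writable, the default 755 on /nfssecure should be enough - check against the question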
vim /etc/exports
/nfssecure *.group10.example.com(sec=krb5p,rw)
wq!
exportfs -rv
systemctl restart nfs-secure-server
systemctl restart nfs-server
systemctl restart nfs

system2:
showmount -e 172.25.10.11
wget -O /etc/krb5.keytab http://...question
systemctl start nfs-secure
systemctl enable nfs-secure
mkdir /nfssec

vim /etc/fstab
system1.group10.example.com:/nfssecure /nfssec nfs defaults,v4.2,sec=krb5p 0 0
wq!
systemctl restart nfs-secure
mount -a
su - nahur
cd /nfssec
cd subdir
touch t1.txt

10.samba
yum install samba* -y
systemctl start smb nmb
systemctl enable smb nmb
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
mkdir /common
chcon -t samba_share_t /common

vim /etc/samba/smb.conf
workgroup=STAFF
[common]
comment=xyz
path=/common
public=no
writable=no
browseable=yes
hosts allow = 172.25.10.
valid users = rob
wq!

useradd -s /bin/false rob


smbpasswd -a rob
passwd:

systemctl restart smb nmb


smbclient //system1/common -U rob
smb:>

11.samba, multiuser mount (write permission for user robby; mount with user rob
credentials)
system1:
mkdir /multi
chcon -t samba_share_t /multi
touch /multi/test1
vim /etc/samba/smb.conf
[multi]
comment=xyz
path=/multi
public=no
writable=no
browseable=yes
writelist = robby
hosts allow = 172.25.10.
valid users = rob, robby
wq!

useradd -s /bin/false rob


useradd -s /bin/false robby

smbpasswd -a rob
passwd: test123

smbpasswd -a robby
passwd: red123

setfacl -m u:robby:rwx /multi


systemctl restart smb nmb
smbclient //system1/multi -U rob
smb:>!ls
put test1 ## not successful
smbclient //system1/multi -U robby
smb:> !ls
put test1 ## successful
exit

system2:
yum install cifs-utils -y
mkdir /mountpt
vim /root/file.txt
username=rob
password=test123
wq!
chmod 600 /root/file.txt ### plain-text password inside, keep it readable by root only
vim /etc/fstab
//system1.group10.example.com/multi /mountpt cifs
credentials=/root/file.txt,multiuser,sec=ntlmssp 0 0
wq!
mount -a
df -h

12-14:apache1-3
system1:
yum install httpd -y
systemctl start httpd
systemctl enable httpd

firewall-cmd --permanent --add-service=http


firewall-cmd --reload

cd /var/www/html
wget http://... -O index.html

mkdir /var/www/html/private
setfacl -m u:user:rwx /var/www/html/private
cd /var/www/html/private
wget http://... -O index.html

mkdir /var/www/virtual
cd /var/www/virtual
wget http://... -O index.html

vim /etc/httpd/conf.d/web1.conf
### Used single file for all 5 apache configurations.
<VirtualHost 172.25.10.11:80>
ServerAdmin root@system1.group11.example.com
DocumentRoot /var/www/html
ServerName system1.group11.example.com
</VirtualHost>

<Directory "/var/www">
AllowOverride none
Require all granted
</Directory>

<Directory "/var/www/html">
Order deny,allow
Deny from all
Allow from 172.25.10.
### Allow from domain
</Directory>
#####################################
<VirtualHost 172.25.10.11:80>
ServerAdmin root@system1.group11.example.com
DocumentRoot /var/www/html/private
ServerName system1.group11.example.com
</VirtualHost>

<Directory "/var/www/html/private">
Order deny,allow
Deny from all
Allow from 172.25.10.11
### Allow only from local host
</Directory>
#####################################
<VirtualHost 172.25.10.11:80>
ServerAdmin root@system1.group11.example.com
DocumentRoot /var/www/virtual
ServerName www1.group11.example.com
</VirtualHost>

NameVirtualHost 172.25.10.11:80

<Directory "/var/www/virtual">
AllowOverride none
Require all granted
</Directory>

<Directory "/var/www/virtual">
Order deny,allow
Deny from all
Allow from 172.25.10.
### Allow from domain
</Directory>
#####################################
wq!

systemctl restart httpd


elinks --dump system1.group11.example.com
elinks --dump system1.group11.example.com/private
elinks --dump www1.group11.example.com

check from browser:


apache1: check from system2 browser
apache2: check from system1 browser (note:system2 browser - you should
not get)
apache3: check from system2 browser

system2:
curl -k system1.group11.example.com
curl -k system1.group11.example.com/private
curl -k www1.group11.example.com

check from browser

15:apache-4
yum install mod_ssl -y
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

cd /etc/pki/tls/certs
wget http://... example-ca.crt
wget http://... www10.crt
cd /etc/pki/tls/private
wget http://... www10.key
chmod 600 www10.key
vim /etc/httpd/conf.d/web1.conf
<VirtualHost 172.25.10.11:443>
DocumentRoot /var/www/html
ServerName system1.group11.example.com
###SSL 8 lines
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
### "all -SSLv2 -SSLv3" still leaves TLS 1.0/1.1 enabled
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/www10.crt
SSLCertificateKeyFile /etc/pki/tls/private/www10.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
#####################################
wq!

systemctl restart httpd


browser - https://system1.group11.example.com

16:apache-5
yum install mod_wsgi -y
cd /var/www/html
wget http://... -O webapp.wsgi
semanage port -l |grep http
semanage port -a -t http_port_t -p tcp 8990 ### port-no. as in question
semanage port -l |grep http
vim /etc/httpd/conf/httpd.conf
Listen 8990
firewall-cmd --permanent --add-port=8990/tcp
firewall-cmd --reload
vim /etc/httpd/conf.d/web1.conf
<VirtualHost 172.25.10.11:80>
DocumentRoot /var/www/html
ServerName webapp.group11.example.com
WSGIScriptAlias / /var/www/html/webapp.wsgi
</VirtualHost>
systemctl restart httpd
browser -- check
elinks --dump webapp.group10.example.com

17-18: iscsi-server and client


system1:
yum install targetcli -y
systemctl start target
systemctl enable target
systemctl enable iscsid
firewall-cmd --permanent --add-port=3260/tcp
firewall-cmd --reload
check with lsblk and fdisk the desired one
fdisk /dev/sda
n - p - 1
+3100M
### size as per question. if 3g then 3*1024+'some-additional MB say 28'
= 3100M
t --> 8e
### for LVM
w
partprobe /dev/sda
pvcreate /dev/sda1
vgcreate iscsi_vg /dev/sda1
lvcreate -L 3G -n iscsi_lv iscsi_vg

targetcli
/backstores/block create block1 /dev/iscsi_vg/iscsi_lv
iqn server:
/iscsi create iqn.2014-11.com.example.group11:system1
iqn client:
/iscsi/iqn.2014-11.com.example.group11:system1/tpg1/acls create iqn.2014-11.com.example.group11:system2
lun:
/iscsi/iqn.2014-11.com.example.group11:system1/tpg1/luns create
/backstores/block/block1
portal/IP:
/iscsi/iqn.2014-11.com.example.group11:system1/tpg1/portals create
172.25.10.11 ### IP of system1
saveconfig
exit

systemctl restart target


systemctl restart iscsid

system2:
rpm -qa|grep iscsi-initiator-utils
systemctl start iscsi iscsid
systemctl enable iscsi iscsid

iscsiadm -m discovery -t st -p 172.25.10.11


vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.....:system2
wq!
iscsiadm -m node -T iqn....:system1 -p 172.25.10.11:3260 -l

check with lsblk (check 3G size) and fdisk the desired one
fdisk /dev/sda
n - p - 1
+2G
###size as per question
w
partprobe
mkfs.ext4 /dev/sda1
blkid /dev/sda1 ### notedown
the UUID
mkdir /mnt/iscsi
vim /etc/fstab
UUID=xxxx /mnt/iscsi ext4 _netdev 0 0
wq!
systemctl restart iscsi
mount -a
touch /mnt/iscsi/test1{1..3}
iscsiadm -m node -T iqn.....system1 -p 172.25.10.11:3260 -u
systemctl reboot
check /mnt/iscsi

19-20:mariadb-installation, queries
yum groupinstall mariadb mariadb-client -y
vim /etc/my.cnf
###under the [mysqld] section
skip-networking=1
wq!
systemctl start mariadb
systemctl enable mariadb
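firewall-cmd --permanent --add-service=mysql ### only if the question asks for remote access; with skip-networking=1 the server does not listen on TCP, so this rule is not needed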
firewall-cmd --reload
mysql_secure_installation ###(press y
for all defaults, user root password as given in question)
mysql -u root -p
create database Contains;
exit
cd /root
wget http://xxx.dump
mysql -u root -p Contains < /root/xxx.dump
mysql -u root -p
create user xyz@localhost identified by 'abcd';
grant select on Contains.* to xyz@localhost;
exit
mysql -u xyz -p
use Contains;
show tables;
desc tab1;
desc tab2;
desc tab3;

query1: What is the first name of the user with password "ABCD"?
select * from tabx where password="ABCD";
###The table where passwords are stored will not have the first name of
the users.
###hence note the common key-value -- example "id_no" and check
corresponding first-name in another table.
select * from taby where id_no="previous";
With this we can get the first name of the person whose password is "ABCD"

query2: How many MARK users are there with the location "XYZ"?
it is 0
select * from tabx where location="XYZ";
###The table where location is stored will not have the names of the
users.
###hence note the common key-value -- example "id_no" and check
corresponding name in another table.
select * from taby where id_no="previous";
With this we can get the name of the person whose location is "XYZ"

21,22:script-1, 2

script1:

#!/bin/bash
# Answers with the "other" language name: perl -> python, python -> perl.
# Any other argument, or no argument at all, prints the hint err:perl/python.
requested=$1
case "$requested" in
perl)
  echo "python"
  ;;
python)
  echo "perl"
  ;;
*)
  echo "err:perl/python"
  ;;
esac

script2:

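#!/bin/bash
# Creates one account with login shell /bin/false for every name listed in
# the file given as $1 (names separated by whitespace or newlines).
# Exit status: 1 when called without arguments, 2 when $1 is not a regular
# file, 0 once the list has been processed (useradd failures are not fatal).
if [ $# -eq 0 ]; then
  echo "Usage:/root/script"
  exit 1
elif [ -f "$1" ]; then
  # The script runs as root, so the list is treated as untrusted input:
  # read -r -a splits each line on whitespace without glob expansion, and
  # the || clause keeps a last line that has no trailing newline.
  while read -r -a names || [ "${#names[@]}" -gt 0 ]; do
    for name in "${names[@]}"; do
      # "--" stops option parsing, so a name starting with "-" cannot be
      # taken as a useradd option; stdin is detached from the list file.
      useradd -s /bin/false -- "$name" < /dev/null
    done
  done < "$1"
  exit 0
else
  echo "File Not Found"
  exit 2
fi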
