
RHCE

Note:- a new virtual system will be given for the RHCE exam paper, so set the password and put your system on
DHCP according to the exam paper.
IPADD=DHCP
DNS 192.168.0.254
YUM Repository URL ftp://instructor.example.com/pub/rhel6/dvd/Server

.example.com 192.168.0.0/24 (your network address)

.remote.test 192.168.1.0/24 (cracker's network address)

Password for all users=password

Initial Configuration :-
Go to single user mode and set the password.
Firewall and SELinux configuration
#lokkit --disabled
#lokkit --selinux=permissive
#setup
Set up the network configuration to DHCP and DNS as specified.
Now set up the yum client
#vi /etc/yum.repos.d/base.repo
[base]
name=my base
baseurl=ftp://192.168.0.254/pub/rhel6/dvd/Server
enabled=1
gpgcheck=0

:wq!

#init 6

Login with root


Now start checking connectivity

#ifconfig
#hostname
#ping 192.168.0.254        (server IP address)
#nslookup 192.168.0.117    (your IP address)
1) Selinux

Set SELinux to enforcing mode

#lokkit --disabled
#lokkit --selinux=enforcing
#sestatus
#setenforce 1
#sestatus

2) Ipforward

Configure your host such that it can forward ipv4 packets

#vi /etc/sysctl.conf

Change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1

:wq!

#sysctl -p

Note:- install nmap to check the configuration later

3) SMTP

Configure an SMTP mail server. Your host should be able to receive remote
mails.
Mail of root should be spooled to /var/spool/mail/root.

#rpm -qa postfix


#vi /etc/postfix/main.cf

Search for #inet_interfaces = all and remove the # from the line

Add # to the line inet_interfaces = localhost

:wq!

#service postfix restart


#chkconfig --level 35 postfix on
#mail root@server17.example.com
#mail  you will see the mail

Remote Checking go to base system

#mail root@server17.example.com

Go to virtual system and check

#mail
4) ALIAS

All mails sent to admin user should be directed to harry


Create user if not present and set password.

#useradd harry
#passwd harry
#useradd admin
#passwd admin
#vi /etc/aliases

At the end

admin: harry

:wq!

#newaliases

Local testing

#mail admin@server17.example.com

#su - harry
$ mail
$ logout

Remote testing

#mail admin@server17.example.com

Now go to virtual system

#su - harry
$mail
$logout
5) Script

Create a bash script /root/s1.sh such that, if the script is run in the
following manner -
# /root/s1.sh apple
o/p --> mango
AND
# /root/s1.sh mango
o/p --> apple
Make sure that if the number of arguments is not provided properly, then the
error o/p should be displayed as
o/p --> Invalid Argument
If a wrong argument is provided, then the error o/p should be displayed as
o/p --> mango|apple

#vi /root/s1.sh

#!/bin/bash

# Exactly one argument is required
if [ $# -ne 1 ]; then
    echo "Invalid Argument" >&2    # use >&2 if the error must go to stderr
elif [ "$1" = "apple" ]; then
    echo "mango"
elif [ "$1" = "mango" ]; then
    echo "apple"
else
    echo "mango|apple" >&2         # use >&2 if the error must go to stderr
fi

:wq!

#chmod u+x /root/s1.sh


#/root/s1.sh
#/root/s1.sh apple
#/root/s1.sh mango
#/root/s1.sh abcd
6) FTP

Configure an ftp server. User <sam> should be able to log in via ftp.
Anonymous users can download from your site.
(.my133.org) .remote.test should be denied access to the ftp server

#useradd sam
#passwd sam
#yum install vsftpd*
#head -15 /etc/vsftpd/vsftpd.conf
Check anonymous_enable=YES

#tail -5 /etc/vsftpd/vsftpd.conf
Check tcp_wrappers=YES

Note:- if any of the above is NO, open the file with the vi editor and
change it to YES.

#service vsftpd restart


#chkconfig --level 35 vsftpd on
#getsebool -a |grep ftp
#setsebool -P ftp_home_dir 1
# getsebool -a |grep ftp
#vi /etc/hosts.deny

vsftpd:.remote.test
or -- depends on question
vsftpd:ALL EXCEPT .example.com

:wq!

Local testing
#yum install ftp
#ftp 192.168.0.117
Username: sam
Password: password
ftp> bye
remote testing
#ftp 192.168.0.117
Username: sam
Password: password
ftp> bye
7) NFS

Share a directory /nfsshare over the network, accessible to the (domainX.example.com)
.example.com network.

#mkdir /nfsshare
#rpm -qa nfs-utils
#vi /etc/exports
/nfsshare 192.168.0.0/24(sync)

:wq!

#service nfs restart


#chkconfig --level 35 nfs on

Local testing

#showmount -e

Remote testing
#showmount -e 192.168.0.117

8) LOOP

Mount an iso file /root/boot.iso on /data . This mount should be persistent
across system restart

Note:- the boot.iso file will be available in /root

#cd
#ls
#mkdir /disks
#vi /etc/fstab

/root/boot.iso /disks iso9660 defaults,loop 0 0

:wq!

#mount -a
#df -h
9) SSH

Configure ssh server.
This service must be accessible only over .example.com network

#yum install openssh-server


#service sshd restart
#chkconfig --level 35 sshd on
#vi /etc/hosts.deny

sshd:ALL EXCEPT .example.com


or
sshd:.remote.test

:wq!
#service sshd restart

Remote testing

#ssh root@server17.example.com
#logout
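
The FTP and SSH sections above each offer two hosts.deny forms: a rule naming .remote.test, and ALL EXCEPT .example.com. The following is an added example, not part of the original notes, that evaluates both forms against constructed client names to show how they differ for a client from a third domain. It models only these two rule shapes and assumes /etc/hosts.allow is empty; the function names and host names are made up for illustration.

```shell
#!/bin/bash
# Added example (not from the original notes): evaluate hosts.deny-style rules.
# Supports only "daemon: PATTERN" and "daemon: PATTERN EXCEPT PATTERN", where
# PATTERN is ALL, a leading-dot domain suffix, or an exact host name.
# Assumes /etc/hosts.allow is empty, so an unmatched client is allowed.

# host_matches PATTERN HOST: succeed if HOST matches PATTERN
host_matches() {
    case "$1" in
        ALL) return 0 ;;
        .*)  case "$2" in *"$1") return 0 ;; esac ;;
        *)   [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}

# verdict DAEMON HOST RULES: print "deny" or "allow" for the client
verdict() {
    daemon=$1; host=$2; rules=$3
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        set -- ${line%%:*}; d=$1     # daemon field, whitespace trimmed
        set -- ${line#*:}            # client list: PATTERN [EXCEPT PATTERN]
        [ "$d" = "$daemon" ] || [ "$d" = ALL ] || continue
        host_matches "$1" "$host" || continue
        if [ "$2" = EXCEPT ] && host_matches "$3" "$host"; then continue; fi
        echo deny; return 0
    done <<EOF
$rules
EOF
    echo allow
}

# Constructed rule sets matching the two alternatives in the notes
DENYLIST='vsftpd: .remote.test'
ALLOWLIST='vsftpd: ALL EXCEPT .example.com'

# Constructed client names: local, the named remote domain, a third domain
for h in desktop1.example.com host.remote.test host.other.test; do
    echo "$h denylist=$(verdict vsftpd "$h" "$DENYLIST")" \
         "allowlist=$(verdict vsftpd "$h" "$ALLOWLIST")"
done
```

Only the ALL EXCEPT form denies host.other.test, which is why the choice between the two rules depends on whether the question says "deny this network" or "allow only this network". Host-name patterns rely on the client's address resolving back to a name.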

10) Website

Host an apache webserver over your hostname.


The webpage to be hosted is shared as
ftp://instructor.example.com/pub/web/station.html.
The name resolution is provided on your dns server.
Do not edit the webpage contents .

#yum install lftp*


#lftp 192.168.0.254
~>cd /pub/web
~>mget station*
~>bye
#ls
#mv station.html /var/www/html/index.html
#yum install http*
#vi /etc/httpd/conf/httpd.conf

Copy the last 7 lines and remove the #

<VirtualHost 192.168.0.117>
ServerAdmin webmaster@server17.example.com
DocumentRoot /var/www/html
ServerName server17.example.com
Errorlog logs/server17.example.com.........
Customlog logs/server17.example.com.........
</VirtualHost>

Save the file and exit
#httpd -t
#service httpd restart
#chkconfig --level 35 httpd on
#restorecon -R /var/www/html
#elinks server17.example.com

Check with firefox if needed

Remote testing

#elinks server17.example.com

11) iSCSI

Import an iscsi disk from the server instructor.example.com(192.168.0.254)
The iscsi disk must be mounted as /iscsi .
This mount should be persistent across reboot.

#yum install iscsi-initiator-utils


#iscsiadm -m discovery -t st -p instructor.example.com

Copy iqn.2010-09.com.example:rdisks.server17

#iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server17 -p 192.168.0.254 -l

#fdisk /dev/sda

n
p
1


p
w
#mkfs.ext4 /dev/sda1
#mkdir /mnt/iscsi
#blkid /dev/sda1

Copy UUID

#vi /etc/fstab

Paste the UUID without the quotes, then add the rest of the line:

UUID=<pasted UUID> /mnt/iscsi ext4 defaults,_netdev 0 0

:wq!
#mount -a
#df -h
#cd /mnt/iscsi
#lftp 192.168.0.254
~>cd pub
~>get a
~>bye
#ls
#cd

12)Virtual Web

Host a virtual website over (www17.example.com) d.example.com . The
webpage to be hosted is shared as ftp://instructor.example.com/pub/web/www.html .
Create a DocumentRoot /var/www/virtual for hosting this page .

#lftp 192.168.0.254
~>cd pub/web
~>mget ww*
~>bye
#ls
#mkdir /var/www/html/virtual
#mv www.html /var/www/html/virtual/index.html
#vi /etc/httpd/conf/httpd.conf

Copy the last 7 lines, replace server17 with www17 and change
DocumentRoot to /var/www/html/virtual

Also remove the # from NameVirtualHost *:80 and put your IP
address 192.168.0.117 in place of *:80

:wq!

#httpd -t
#service httpd restart
#chkconfig --level 35 httpd on
#restorecon -R /var/www/html/virtual
#elinks http://www17.example.com

Remote testing

#elinks http://www17.example.com

13) Samba

Create a samba share /samba with share name samba .
Your workgroup should be IT .
This share should be browsable . The user natasha can access this share
as readable only .
This share is accessible only over .example.com
#yum install samba*
#mkdir /samba
#vi /etc/samba/smb.conf
When you scroll down you will find

[GLOBAL]

workgroup = MYGROUP        (change it to IT)

Go to the end of the file

[SAMBA]
path = /samba
browseable = yes
read list = natasha
hosts allow = 192.168.0.

:wq!

#testparm
#service smb restart
#smbpasswd -a natasha
#smbpasswd -e natasha
#service smb restart
#chkconfig --level 35 smb on
#chcon -t samba_share_t /samba
#ls -lZd /samba
#getsebool -a |grep samba
#setsebool -P samba_enable_home_dir 1
#getsebool -a |grep samba
#smbclient //192.168.0.117/samba -U natasha
smb: \>

Remote testing

#smbclient //192.168.0.117/samba -U natasha

smb: \>

14) Cron deny

The user jean should not be able to add a cron job for herself

#useradd jean
#passwd jean
#vi /etc/cron.deny

jean

:wq!

#su - jean
$crontab -e
15) Copy the file boot.iso to /var/www/html/secure/ . Secure the file & make
it available only to <server17.example.com> over the apache webserver .

#mkdir /var/www/html/secure
#cp boot.iso /var/www/html/secure
#vi /etc/httpd/conf/httpd.conf

Find the word Fallback

<Directory "/var/www/html/secure">
AllowOverride None
Order deny,allow
Allow from server17.example.com
Deny from all
</Directory>

:wq!

#httpd -t
#service httpd restart
#chkconfig --level 35 httpd on

Local testing

Open firefox
http://server17.example.com/secure

remote testing

Open firefox

http://server17.example.com/secure

16) Pass a parameter sysvctl=1 to your kernel at boot time.
Changes made should be persistent

#vi /etc/grub.conf

Kernel.................................................
............................auto rhgb quiet

At the end of the above line add sysvctl=1

:wq!

#init 6
Now check all your configuration after reboot

#nmap 192.168.0.117

ftp,ssh,smtp,http,nfs port should be open

#chkconfig --list

iscsid, nfs, smb, sshd should be running

#cat /proc/cmdline

#df -h
#smbclient //192.168.0.117/samba -U natasha
#mail admin@server17.example.com
#showmount -e
#su - harry
$mail
$logout
#ftp 192.168.0.117
Username:sam
Password:password

#elinks http://server17.example.com
#elinks http://www17.example.com

Open firefox

http://server17.example.com/secure

#/root/s1.sh
#/root/s1.sh apple
#/root/s1.sh mango
#/root/s1.sh abcd
