1). The first step is to crack the root password of the virtual machine.
When the machine starts up, press e (for edit).
Go to the second line.
Press e (for edit) again.
Add a space and type 1 (or s), then press Enter.
Press b to boot.
Now we change the password for root:
setenforce 0
passwd root
reboot
2). Set up an IP address for the virtual machine: IP address 192.168.0.y, subnet mask 255.255.255.0, default gateway 192.168.0.254, nameserver 192.168.0.254 and hostname serverx.example.com (where "x" is the fourth byte of the base machine's IP and y=x+100).
Right-click on Network Manager (in the graphical desktop).
Edit connections.
Add.
IPv4 settings.
Now select Manual.
Now click on Add.
Add the details mentioned above.
Apply.
service NetworkManager restart
chkconfig NetworkManager on
hostname
hostname serverX.example.com
vim /etc/sysconfig/network
Now edit the hostname:
HOSTNAME=serverx.example.com
service network restart
nslookup serverX.example.com
ping 192.168.0.254
ethtool eth0
iptables -F
service iptables save
service iptables restart
chkconfig iptables on
By default Firefox is not installed on the VM, so we can install Firefox on the VM.
First create the yum repository:
vim /etc/yum.repos.d/exam.repo
[exam]
baseurl=ftp://192.168.0.254/pub/rhel6/dvd
gpgcheck=0
Your system has a new physical partition mounted under /common with a 400MiB ext4 file system.
[Note: Because partition sizes are seldom exactly what was specified when they are created, anything within the range of 350 to 450MB is acceptable.]
fdisk -l /dev/vda
fdisk /dev/vda
Keys typed inside fdisk (new extended partition):
n
e
3
9837
Enter (use the whole remaining space)
w
fdisk /dev/vda
Keys typed inside fdisk (new logical partition):
n
l
Enter
+400M
w
partx -a /dev/vda
mkfs.ext4 /dev/vda5
mkdir /common
vim /etc/fstab
/dev/vda5 /common ext4 defaults 0 0
mount -a
df -h
Create the following users, groups, and group memberships:
A group named sysadmin.
A user natasha who belongs to sysadmin as a secondary group.
A user sarah who also belongs to sysadmin as a secondary group.
A user harry who does not have access to an interactive shell on
the system, and who is not a member of sysadmin.
natasha, sarah and harry should all have the password of thuctive.
groupadd sysadmin
useradd natasha
usermod -G sysadmin natasha
useradd sarah
usermod -G sysadmin sarah
useradd -s /sbin/nologin harry
passwd natasha
thuctive
passwd sarah
thuctive
passwd harry
thuctive
Create a collaborative directory /common/admin with the following characteristics:
Group ownership of /common/admin is sysadmin.
The directory should be readable, writable, and accessible to
members of sysadmin, but not to any other user.
(It is understood that root has access to all
files and directories on the system.)
Files created in /common/admin automatically have group ownership
set to the sysadmin group.
mkdir /common/admin
chgrp sysadmin /common/admin
ll -d /common/admin
chmod 770 /common/admin
The next command sets the setgid bit, so that new files get group ownership sysadmin:
chmod 2770 /common/admin
su - natasha
cd /common/admin/
touch arp
ls -l
exit
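The check that the `touch arp` and `ls -l` steps above make by eye can be scripted. This is an added example, not part of the original notes; it assumes GNU coreutils `stat` (as on RHEL), and the function name `check_collab_dir` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a collaborative directory such as /common/admin.
# Assumes GNU coreutils stat. check_collab_dir is a hypothetical helper name.

# check_collab_dir DIR GROUP
# Prints "ok" and returns 0 when DIR belongs to GROUP, carries the setgid bit,
# gives the group rwx and gives others nothing. Otherwise prints the first
# problem found and returns 1.
check_collab_dir() {
    dir=$1
    want_group=$2

    [ -d "$dir" ] || { echo "not a directory: $dir"; return 1; }

    group=$(stat -c '%G' "$dir")
    mode=$(printf '%04d' "$(stat -c '%a' "$dir")")   # e.g. 770 -> 0770
    special=$(printf '%s' "$mode" | cut -c1)
    group_bits=$(printf '%s' "$mode" | cut -c3)
    other_bits=$(printf '%s' "$mode" | cut -c4)

    [ "$group" = "$want_group" ] ||
        { echo "group is $group, expected $want_group"; return 1; }
    [ $(( special & 2 )) -ne 0 ] ||
        { echo "setgid bit missing (mode $mode)"; return 1; }
    [ "$group_bits" -eq 7 ] ||
        { echo "group lacks rwx (mode $mode)"; return 1; }
    [ "$other_bits" -eq 0 ] ||
        { echo "others have access (mode $mode)"; return 1; }

    # Functional check: a file created here must inherit the directory's group.
    if [ -w "$dir" ]; then
        probe="$dir/.collab_probe.$$"
        : > "$probe"
        probe_group=$(stat -c '%G' "$probe")
        rm -f "$probe"
        [ "$probe_group" = "$group" ] ||
            { echo "new file got group $probe_group"; return 1; }
    fi
    echo ok
}

# On the system from the notes, run as root or as a member of sysadmin.
if [ -d /common/admin ]; then
    check_collab_dir /common/admin sysadmin || true
fi
```

GNU `chmod` keeps an existing setgid bit on a directory when given a plain numeric mode such as 770, so use `chmod g-s` when the bit really has to be cleared.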
Install the appropriate kernel update from: ftp://instructor.example.com/pub/updates The following criteria must also be met:
The updated kernel is the default kernel when the system is rebooted.
The original kernel remains available and bootable on the system.
Click on the link.
After that you will find two rpm packages:
1) kernel 2) kernel-firmware
Download both of them to the desktop.
First install kernel-firmware.
Now install kernel.
Install each one just by double-clicking on it.
The kernel entries will be in /boot/grub/grub.conf (vim /boot/grub/grub.conf).
Enable IP forwarding on your machine
vim /etc/sysctl.conf
At line no. 7:
net.ipv4.ip_forward = 1
sysctl -p (to cross-check)
Implement a web server for the site http://serverx.example.com
then perform the following steps:-
Rename the downloaded file to index.html
Copy this index.html to the Document Root of your web server
Do NOT make any modifications to the content of index.html
yum install httpd* -y
cd /var/www/html
ls
mv station.html index.html
service httpd restart
chkconfig httpd on
Resize the LVM partition "home" to 150MiB.
lvdisplay
df -h
umount /dev/vgsrv/home
e2fsck -f /dev/vgsrv/home
resize2fs /dev/vgsrv/home 150M
lvreduce -L 150M /dev/vgsrv/home
mount -a
lvdisplay
df -h
To extend, we use the following commands:
lvextend -L 250M /dev/vgsrv/home
resize2fs -f /dev/vgsrv/home
mount -a
10). Configure FTP access
Configure FTP access on your system:
Clients within the example.com domain should have anonymous FTP access to your machine
yum install vsftpd
service vsftpd restart
chkconfig vsftpd on
Turn on the SELinux booleans:
getsebool -a | grep ftp (booleans 1 and 5 in the output)
setsebool -P <boolean name> on
The user natasha must configure a cron job that runs daily at
14:23 local time and executes /bin/echo hiya
crontab -u natasha -e
23 14 * * * /bin/echo "hiya"
service crond restart
chkconfig crond on
crontab -u natasha -l
SELinux must be running in the Enforcing mode.
sestatus
setenforce 1
vim /etc/selinux/config (set SELINUX=enforcing)
getenforce
Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that:
The file /var/tmp/fstab is owned by the root user.
The file /var/tmp/fstab belongs to the group root.
The file /var/tmp/fstab should not be executable by anyone.
The user natasha is able to read and write /var/tmp/fstab.
The user sarah can neither write nor read /var/tmp/fstab.
[Note: all other users (current or future) have the ability to read /var/tmp/fstab.]
cp /etc/fstab /var/tmp
ll /var/tmp/fstab
setfacl -m u:natasha:rw- /var/tmp/fstab
setfacl -m u:sarah:--- /var/tmp/fstab
getfacl /var/tmp/fstab
Configure your system so that it is an NTP client of
instructor.example.com.
ntpdate -b 192.168.0.254
service ntpd stop
vim /etc/ntp.conf
server 192.168.0.254
service ntpd start
chkconfig ntpd on
Find the files on your system that are owned by the user natasha and copy all of them to the /backup/somefile directory.
find / -user natasha
find / -user natasha -exec cp -rvf {} /backup/somefile/ \;
mkdir -p /backup/somefile; find / -user natasha -exec cp -a -rvf {} /backup/somefile \;
ls -l /backup/somefile/
Create a SWAP partition of 450 megabytes and make it available at next reboot.
free -m
fdisk /dev/vda
Keys typed inside fdisk:
n
l
+450M
t
6
82
w
partx -a /dev/vda
mkswap /dev/vda6
swapon /dev/vda6
free -m
vim /etc/fstab
/dev/vda6 swap swap defaults 0 0
mount -a
free -m
Authenticate users from LDAP Directory Servers which have:
ServerName: instructor.example.com. Base DN: dc=example,dc=com.
Download the certificate from ftp://instructor.example.com/pub/EXAMPLE-CA-CERT
Authenticate with users ldapuserx, which have the password password.
Configure autofs such that the server's home directory instructor.example.com:/home/guests/ldapuserx is mounted on /home/guests/ldapuserx.
Now the LDAP client configuration:
yum install openldap* -y
system-config-authentication
First choose the Identity & Authentication tab.
In User Account Configuration choose LDAP user.
Now write Base DN: dc=example,dc=com and LDAP server name: instructor.example.com
Now click on "Use TLS to encrypt".
Now click on "Download CA certificate".
Now enter the URL as ftp://instructor.example.com/pub/EXAMPLE-CA-CERT
Now in authentication method choose LDAP password.
chkconfig sssd on
su - ldapuser7
This shows an error. To remove the error, we make the directory and mount the server directory on it:
mkdir -p /home/guests/ldapuser7
mount 192.168.0.254:/home/guests/ldapuser7 /home/guests/ldapuser7
su - ldapuser7
logout
We can also do this task another way.
Add an entry in the file:
vim /etc/auto.master
/home/guests /etc/auto.misc
Add another entry in the file:
vim /etc/auto.misc
ldapuser7 -rw,soft,intr instructor.example.com:/home/guests/ldapuser7
Due to a bug, first stop the service and then start it:
service autofs stop
service autofs start
chkconfig autofs on
su - ldapuser7
Create the following user named neo with uid 1337 and set the password to password:
useradd -u 1337 neo
tail -1 /etc/passwd
passwd neo
password
Create the volume group named myvol with 8 MiB P.E., create the logical volume named mydatabase with 20 P.E., format this volume with vfat, create a directory /database, and mount this volume permanently on /database.
fdisk /dev/vda
Keys typed inside fdisk:
n
l
+167M
t
7
8e
w
partx -a /dev/vda
pvcreate /dev/vda7
vgcreate -s 8M myvol /dev/vda7
vgdisplay myvol
lvcreate -L 160M -n mydatabase myvol
lvdisplay
mkfs.vfat /dev/myvol/mydatabase
mkdir /database
vim /etc/fstab
/dev/myvol/mydatabase /database vfat defaults 0 0
mount -a
df -h
Find the string root in the /etc/passwd file and save the result in /searchfile.
grep "root" /etc/passwd > /searchfile
cat /searchfile
/usr/local/sbin/install-vserver (for installing the virtual machine)
RHCE PAPER
Two networks have been given here:
example.com: 192.168.0.0/255.255.255.0
cracker.org: 172.24.0.0/255.255.0.0
iptables -F
service iptables save
service iptables restart
chkconfig iptables on
Now create the yum repository.
1). Configure SSH access
Configure SSH access as follows:
sarah has remote SSH access to your machine from within example.com
Clients within cracker.org should NOT have access to ssh on your system
vim /etc/ssh/sshd_config
AllowUsers sarah root
Here we use TCP wrapper security. We make the following entries:
vim /etc/hosts.allow
sshd: 192.168.0.0/255.255.255.0
vim /etc/hosts.deny
sshd: 172.24.0.0/255.255.0.0
service sshd restart
chkconfig sshd on
2). Restrict crontab
User neo should not be able to use crontab.
For this, add an entry to the file below:
vim /etc/cron.deny
neo
service crond restart
chkconfig crond on
3). Configure FTP access
Configure FTP access on your system:
Clients within the example.com domain should have anonymous FTP access to your machine
Clients outside example.com should NOT have access to your FTP service.
yum install vsftpd* -y
yum install ftp* -y
vim /etc/hosts.allow
vsftpd: 192.168.0.0/255.255.255.0
vim /etc/hosts.deny
vsftpd: ALL
service vsftpd restart
chkconfig vsftpd on
ftp 192.168.0.110
ftp 127.0.0.1
Turn the booleans on again, as in the previous FTP question:
getsebool -a | grep ftp
allow_ftpd_anon_write (1)
ftp_home_dir (5)
setsebool -P allow_ftpd_anon_write 1
setsebool -P ftp_home_dir 1
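The hosts.allow and hosts.deny entries in the SSH and FTP answers can be checked before relying on them. The script below is an added example, not part of the original notes: it applies the hosts_access(5) order (allow match, then deny match, then default allow) to constructed rule text, and shows that a 255.255.255.0 mask on the cracker.org network leaves most of 172.24.0.0/255.255.0.0 uncovered. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: first-match evaluation of hosts.allow / hosts.deny style
# rules ("daemon: net/mask" or "daemon: ALL"). Rule text below is constructed
# from the two networks named in these notes.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1          # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net CLIENT NET MASK: succeed when CLIENT falls inside NET/MASK.
in_net() {
    c=$(ip_to_int "$1")
    n=$(ip_to_int "$2")
    m=$(ip_to_int "$3")
    [ $(( c & m )) -eq $(( n & m )) ]
}

# rules_match DAEMON CLIENT RULES: succeed when any rule for DAEMON matches.
rules_match() {
    daemon=$1
    client=$2
    printf '%s\n' "$3" | {
        while IFS=: read -r d pat; do
            d=$(printf '%s' "$d" | tr -d ' \t')
            pat=$(printf '%s' "$pat" | tr -d ' \t')
            [ "$d" = "$daemon" ] || continue
            [ "$pat" = "ALL" ] && exit 0
            case $pat in
                */*) ;;
                *) pat="$pat/255.255.255.255" ;;   # bare address = one host
            esac
            in_net "$client" "${pat%/*}" "${pat#*/}" && exit 0
        done
        exit 1
    }
}

# tcpwrap_decision DAEMON CLIENT ALLOW_RULES DENY_RULES
# A match in hosts.allow grants access; otherwise a match in hosts.deny
# refuses it; otherwise access is granted.
tcpwrap_decision() {
    if rules_match "$1" "$2" "$3"; then
        echo allow
    elif rules_match "$1" "$2" "$4"; then
        echo deny
    else
        echo allow
    fi
}

ALLOW_RULES='sshd: 192.168.0.0/255.255.255.0
vsftpd: 192.168.0.0/255.255.255.0'
# Deny file with too narrow a mask for cracker.org (constructed).
DENY_NARROW='sshd: 172.24.0.0/255.255.255.0
vsftpd: ALL'
# Deny file with the mask given for cracker.org (constructed).
DENY_FULL='sshd: 172.24.0.0/255.255.0.0
vsftpd: ALL'

for probe in 192.168.0.50 172.24.0.7 172.24.5.9 10.1.1.1; do
    printf '%-13s sshd(narrow)=%s sshd(full)=%s vsftpd=%s\n' "$probe" \
        "$(tcpwrap_decision sshd "$probe" "$ALLOW_RULES" "$DENY_NARROW")" \
        "$(tcpwrap_decision sshd "$probe" "$ALLOW_RULES" "$DENY_FULL")" \
        "$(tcpwrap_decision vsftpd "$probe" "$ALLOW_RULES" "$DENY_FULL")"
done
```

The 10.1.1.1 row shows the default-allow fall-through: sshd only refuses the networks listed in hosts.deny, whereas `vsftpd: ALL` refuses everything not allowed first.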
4). Share the /common directory via SMB
Share the /common directory via SMB:
Your SMB server must be a member of the STAFF workgroup
The share's name must be common.
The share must be available to example.com domain clients only
The share must be browseable.
sarah must have read access to the share, authenticating with the same password flectrag, if necessary.
mkdir /common
yum install samba* -y
vim /etc/samba/smb.conf
workgroup = STAFF
[common]
path = /common
browseable = yes
valid users = sarah
hosts allow = 192.168.0.0/255.255.255.0
read only = yes
useradd sarah
smbpasswd -a sarah
ls -lZ /etc/samba/smb.conf
ll -dZ /common
ll -dZ /etc/samba
chcon -t samba_etc_t /common
service smb restart
chkconfig smb on
smbclient //192.168.0.110/common -U sarah
5). Implement a web server
Rename the downloaded file to index.html
Copy this index.html to the DocumentRoot of your web server
Do NOT make any modifications to the content of index.html
yum install httpd* -y
cd /var/www/html
mv station.html index.html
vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.0.110:80
<VirtualHost 192.168.0.110:80>
DocumentRoot /var/www/html
ServerName server10.example.com
</VirtualHost>
service httpd restart
chkconfig httpd on
6). Extend your web server
Extend your web server to include a virtual host for the site http://wwwx.example.com/, where x is your station number, then perform the following steps:
Set the DocumentRoot to /var/www/virtual
Rename the downloaded file to index.html
Place this index.html in the DocumentRoot of the virtual host
Do NOT make any modifications to the content of index.html
Ensure that sarah is able to create content in /var/www/virtual
[Note: The original web site http://serverX.example.com must still be accessible. DNS resolution for the hostname wwwx.example.com is already provided by the name server on instructor.example.com.]
mkdir /var/www/virtual
cd /var/www/virtual
vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.0.110:80
<VirtualHost 192.168.0.110:80>
DocumentRoot /var/www/html
ServerName server10.example.com
</VirtualHost>
<VirtualHost 192.168.0.110:80>
DocumentRoot /var/www/virtual
ServerName www10.example.com
</VirtualHost>
service httpd restart
chkconfig httpd on
setfacl -m u:sarah:rwx /var/www/virtual
7). Configure Web Server access
Create a directory in your DocumentRoot named "restrict"
Rename the downloaded file to index.html
Copy this index.html to the "restrict" directory in the DocumentRoot of your web server
Do NOT make any modifications to the content of index.html
The "restrict" directory should not be accessible to anyone except the example.com network
yum install httpd* -y; mkdir /var/www/html/restrict; cd /var/www/html/restrict; wget ftp://instructor.example.com/pub/rhce/station.html; mv station.html index.html
vim /etc/httpd/conf/httpd.conf
<Directory /var/www/html/restrict>
Order allow,deny
Allow from 192.168.0.0/24
</Directory>
service httpd restart
chkconfig httpd on
Export your /common directory via NFS to the example.com Domain
only.
[Note: because you will not have root access,
you will not be able to directly Mount your exported /common directory using
your guest account on the system provided for testing. However, the
auto-mounter on the system has been configured such that it will automount your
/common directory under /home/guestx/nfs/stationx, where x is your station
number. Consequently, successful execution of ls /home/guestx/nfs/stationx
indicates that the automounter was able to automount your NFS share.]
rpm -q nfs-utils
yum install nfs-utils
vim /etc/exports
/common 192.168.0.0/255.255.255.0(ro,sync)
service nfs restart
chkconfig nfs on
service rpcbind restart
chkconfig rpcbind on
showmount -e
Configure an email alias for your MTA such that mail sent to admin
is received by the local user sarah.
vim /etc/aliases
Add this entry at the end of the file:
admin: sarah
Now save the file and run the following command:
newaliases
Configure SMTP mail service according to the following
requirements:
Your mail server should accept mail from remote hosts and
localhost.
Sarah must be able to receive mail from remote hosts. Mail
delivered to sarah should spool into the default mail spool for sarah,
/var/spool/mail/sarah.
yum install postfix* -y
vim /etc/postfix/main.cf
At line no. 113:
inet_interfaces = all
#inet_interfaces = localhost
service postfix restart
chkconfig postfix on
yum install telnet* -y
telnet 127.0.0.1 25
quit
telnet 192.168.0.110 25
quit
Mount this ISO permanently as read-only on /mnt/iso
mkdir /mnt/iso
vim /etc/fstab
/root/Desktop/boot.iso /mnt/iso iso9660 defaults,loop,ro 0 0
mount -a
df -h
Discover an iSCSI device on your system and create a partition on that device of size 10 MiB mounted under directory /iscsi. Create a file named abc.txt in the /iscsi directory. Configure the permissions of that file such that user sarah can read, write and execute this file.
yum install iscsi-initiator-utils -y
iscsiadm -m discovery -t st -p 192.168.0.254:3260
Now log in to the iSCSI target. Copy the target name:
iqn.2012-10.com.example:disk1
iscsiadm -m node -T iqn.2012-10.com.example:disk1 -p 192.168.0.254:3260 -l
fdisk -l
fdisk /dev/sda
Make a 10MB partition.
partprobe /dev/sda
mkfs.ext4 /dev/sda1
Check the UUID of the disk:
blkid /dev/sda1
Now copy:
UUID="71e86162-011d-49f1-9b4a-9f95a277e6b5"
Add the next entry in the /etc/fstab file:
vim /etc/fstab
UUID=71e86162-011d-49f1-9b4a-9f95a277e6b5 /iscsi ext4 defaults,_netdev,acl 0 0
mkdir /iscsi
mount -a
df -h
cd /iscsi/
touch abc.txt
setfacl -m u:sarah:rwx /iscsi/abc.txt
Create a script in /progrram with the name script.sh to do the
following
When kernel is passed as an argument then the output is user.
When user is passed as argument then the output is kernel.
When neither kernel nor user is passed then the output is
"--stdin error".
mkdir /progrram
cd /progrram
touch script.sh
chmod +x script.sh
vim script.sh
#!/bin/bash
# Print "user" for the argument kernel, "kernel" for the argument user,
# and an error message for anything else.
if [ "$1" == "kernel" ]
then
echo "user"
elif [ "$1" == "user" ]
then
echo "kernel"
else
echo "--stdin error"
fi
Now save the file and run a test.
sh script.sh
Pass the parameter to the kernel.
Pass the parameter "kernelbp=1" to the kernel.
Add this value at the end of the kernel line in /etc/grub.conf:
vim /etc/grub.conf
Now save and restart the machine.
Then check with:
cat /proc/cmdline
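Both the kernel-update task (new kernel is the default, original still bootable) and the kernelbp=1 task can be checked from grub.conf before rebooting. The script below is an added example, not part of the original notes: it reads a legacy GRUB grub.conf, and the sample file, its kernel versions and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read a legacy GRUB grub.conf and report what will boot.
# The sample file content and kernel versions below are constructed.

# grub_entry_count FILE: number of "title" stanzas in the menu.
grub_entry_count() {
    grep -c '^[[:space:]]*title[[:space:]]' "$1"
}

# grub_default_kernel FILE: kernel line (without the keyword) of the stanza
# selected by default=N, where N counts title stanzas from 0.
grub_default_kernel() {
    awk '
        BEGIN { def = 0; n = 0 }
        /^[ \t]*default[ \t]*=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v); def = v + 0 }
        /^[ \t]*title[ \t]/     { n++ }
        /^[ \t]*kernel[ \t]/ && n > 0 {
            line = $0; sub(/^[ \t]*kernel[ \t]+/, "", line); k[n - 1] = line
        }
        END { if (def in k) print k[def] }
    ' "$1"
}

# grub_kernel_images FILE: one kernel image path per stanza, in menu order.
grub_kernel_images() {
    awk '/^[ \t]*kernel[ \t]/ { print $2 }' "$1"
}

# grub_default_has_param FILE PARAM: succeed when PARAM is a whole word on the
# default kernel line (so "kernelbp" alone does not match "kernelbp=1").
grub_default_has_param() {
    for word in $(grub_default_kernel "$1"); do
        if [ "$word" = "$2" ]; then return 0; fi
    done
    return 1
}

# Write a constructed two-entry grub.conf to a temp file and print its path.
make_sample_grub_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
default=0
timeout=5
title Red Hat Enterprise Linux (2.6.32-200.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-200.el6.x86_64 ro root=/dev/mapper/vgsrv-root kernelbp=1
    initrd /initramfs-2.6.32-200.el6.x86_64.img
title Red Hat Enterprise Linux (2.6.32-100.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-100.el6.x86_64 ro root=/dev/mapper/vgsrv-root
    initrd /initramfs-2.6.32-100.el6.x86_64.img
EOF
    echo "$f"
}

# Use the file given as first argument, or the constructed sample.
conf=${1:-$(make_sample_grub_conf)}
echo "menu entries:   $(grub_entry_count "$conf")"
echo "kernel images:  $(grub_kernel_images "$conf" | tr '\n' ' ')"
echo "default kernel: $(grub_default_kernel "$conf")"
if grub_default_has_param "$conf" kernelbp=1; then
    echo "kernelbp=1:     present on default entry"
else
    echo "kernelbp=1:     missing on default entry"
fi
```

After the reboot, `cat /proc/cmdline` should show the same line that `grub_default_kernel` printed, minus the image path.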