Linux RHCE Question&Answers

PART-I Total -2.5 hrs

*****************************************************************************

Note: Within 1 hr you should finish the compulsory questions.

Note: You have to clear the compulsory questions to be eligible for RHCT, and 8 questions for RHCE.

*****************************************************************************

1. Boot into your system; your root password has not been set. (compulsory)

Answer:

You have to enter single user mode and change the root password to redhat, then press Enter.

2. Configure the network. Your IP and all other details will be given in the network.txt file. (compulsory)

Answer: use the netconfig command to configure.

3. dig the server example.com (compulsory).

4. ping the server cracker.org (compulsory).

5. Create a 100 MB partition and mount it permanently on /mnt/new (compulsory).

6. When you use showmount -e, it does not show any export from /exports.

Answer: you have to correct the error in the /exports entry.

7. LVM resize. The LVM size is 220; you have to resize it to 300 (270 to 330 is allowed).

8. User quota creation. When user neo uses the command dd df= somefile bs=1024 block=30, it should not show any error. When user neo uses the command dd df= somefile bs=1024 block=70, it should show an error.

9. Trouble shooting.

10. Trouble shooting.

******************************************************************************

[Installation & configuring network & Sysadmin services]

Section2 ........... 3 hrs TOTAL : 100marks

RHCT PART [70%] 9 Questions [Qs 1 - 9]

RHCE PART [70%] 7 Questions [Qs 10 - 16]

Additional RHCE PART [30%] 3 Questions -- ANY 2

******************************************************************************

Very exhaustive -- 3 hrs RHCT PART [70%] 10 Questions

==============================================================================

QUESTION 1 - Installation and General Information

Install Red Hat Linux RHEL 5 through NFS, where your server is server1.example.com (192.168.0.254) and the shared directory is /var/ftp/pub.

1) The network of .example.com domain is 192.168.0.0/24

2) Installation is via NFS. You will boot from a CD which will be given

At the prompt : linux askmethod

You will get a screen : Select DHCP [IP etc put automatically by server]

You will see a screen of NFS, FTP etc

NFS : server1.example.com [Will be given]

Dir name: /var/ftp/pub [Will be given]

- Install bootloader in MBR. [GRUB]

Partitioning scheme

/boot 128MB

swap same as your memory [Note when your BIOS shows it]

or sometimes they may ask you to make it 1.5 to 2x

/ 512MB

/var 512MB

/tmp 512MB

/usr 2048MB

/data (Choose remaining space) Create raid level 0

Packages to choose (decide after reading the whole paper)

1) Select X

2) Don't choose Games,Openoffice,Sound, mysql server, development tools

if kernel compilation is not asked

3) Choose httpd, Window Server (SAMBA), DNS, sendmail, text editors,

text browsers, administration tools, printing.

(Note: dhcp & vsftpd are not installed by default, so you will have to use vsftpd

& just see where you can find dhcp & squid. In sendmail select sendmail.cf)

Note: Please don't choose minimum/everything, otherwise you WILL be screwed up.

Note: The package size should be between 700 and 850 MB, not more than that,

otherwise it will take more than half an hour to install & you are screwed.

***********

QUESTION 2

*INSTALL a dialog rpm --- dialog-2.0<something>.rpm

ANSWER 2

# ftp server1.example.com

# cd /var/ftp/pub/Server

# ls <------------ Should show lots of RPMS

# bi

# prom

# mget dialog*

# bye

On the local machine,

# rpm -ivh dialog*

************

QUESTION 3

Create following users :john, jane & eric (password for each is "password")

a. jane & john should be part of secondary group sysadmin

b. eric should not be a part of sysadmin group.

c. No interactive shell is provided to eric.

d. Create a dir /data/sysadmin/

e. Only read,write and executable by sysadmin group

f. jane & john should be able to connect to the above directory

g. Any files made under /data/sysadmin/ should be owned by the group "sysadmin"

ANSWER 3

a. Create a group called "sysadmin" with the following command

# groupadd sysadmin

Now add users jane & john, who should be part of the secondary group "sysadmin"

b. # adduser -G sysadmin jane

# passwd jane < password/password

# adduser -G sysadmin john

# passwd john < password/password

c. Now add user eric who is not part of group sysadmin and he should

not have an interactive shell

# adduser -s /bin/false eric

# passwd eric

d. Now make a directory /data/sysadmin

# mkdir -p /data/sysadmin

# cd /data

e. # chgrp sysadmin sysadmin/

g. # chmod 2070 sysadmin/

************

QUESTION 4

- Join to NIS Server

- NIS Domain is RHCE

- NIS Server is server1.example.com (192.168.0.254)

- Using autofs, automount server1:/rhome/stationX to /rhome local directory

- The above directory should be automounted on startup.

- Some "nisuserX" has been created on server1:/rhome/stationX.

passwd is "password"

- Do the above in such a manner that after automounting as well as on reboot

the NIS user - nisuser9 - can login to his home dir on the NIS server.

ANSWER 4

Part I The NIS Client setup part

- On Client machine do the following :

Run the command authconfig-tui and select NIS

NIS Domain: RHCE

NIS Server: 192.168.0.254 (or) server1.example.com

service ypbind restart

d. chkconfig --level 35 ypbind on

e. service portmap restart

f. chkconfig --level 35 ypbind on

g. service ypbind restart

Part II - The autofs part

# mkdir /rhome

# Edit /etc/auto.master

/rhome /etc/auto.misc --timeout=60

# Edit /etc/auto.misc

* -rw,soft,intr server1:/rhome/stationX/& (or) Nisusername

# chkconfig --level 35 autofs on

# service autofs restart

Go to Next Terminal to Check

***********

QUESTION 5

- Enable IP forwarding

ANSWER 5

- Edit /etc/sysctl.conf

net.ipv4.ip_forward=0

Now change the 0 to 1 and save the file

# sysctl -p

Cross-check with:

# cat /proc/sys/net/ipv4/ip_forward

which should show 1

**********

QUESTION 6

- Install a new kernel from ftp://server1/pub/updates/

The old kernel must be available and bootable as well.

- Make the new kernel your default kernel

ANSWER 6

- ftp to the server to download the new kernel

# ftp server1/pub/updates/kernel-2.4.21-9-EL.i686.rpm

- # rpm -ivh --test kernel-2.4.21-9-EL.i686.rpm <--- Do a Test Run first

- # rpm -ivh kernel-2.4.21-9-EL.i686.rpm

- Edit /etc/grub.conf to make this new kernel boot as default

default=0 <---------- We change this to 0 from 1

timeout=10

splashimage=(hd0,2)/grub/splash.xpm.gz

title Red Hat Linux (2.4.21-9-EL)

root (hd0,2)

kernel /vmlinuz-2.4.20-8 ro root=LABEL=/ rhgb quiet

initrd /initrd-2.4.20-8.img

title Red Hat Linux (2.4.20-8vada)

root (hd0,2)

kernel /vmlinuz-2.4.20-8vada ro root=LABEL=/ rhgb quiet

***********

QUESTION 7

- Create a NFS server & export /data which should be accessible only

by .example.com domain

ANSWER 7

- Edit /etc/exports and put following :

/data *.example.com

- # chkconfig --level 35 portmap on

# service portmap restart

- # chkconfig --level 35 nfs on

# service nfs restart

# showmount -e <--------- To test and see

< /data *.example.com (or) exportfs

**********

QUESTION 8

- Connect to a Unix printer on server1

- Queue : stationX as raw printer

ANSWER 8

Go to GUI Mode open terminal

# system-config-printer

select new

In Queue Name enter - stationX

Select "Internet Printing Protocol" (IPP) in the drop down and press NEXT

You then get another window asking for 2 entries :

Server : server1.example.com

Queue : stationX

Click on next

Select the driver to use - "Raw Print Queue"

Click Finish. Then exit saving changes.

service cups restart

chkconfig --level 35 cups on

***********

QUESTION 9

- Create a cron job for user jane such that every day at 1.05 am it should run /bin/echo "hello"

ANSWER 9

- Login as root

- crontab -u jane -e

05 01 * * * /bin/echo "hello"

- chkconfig --level 35 crond on

- service crond restart

===============================================================

RHCE PART [70%]

===============================================================

QUESTION 10

- Setup a OpenSSH server such that john can access it from .example.com

and no one from .cracker.org is allowed to ssh

ANSWER 10

Edit /etc/hosts.deny

sshd:ALL EXCEPT .example.com

#chkconfig --level 35 sshd on

#service sshd restart

************

QUESTION 11

- Set up an FTP server such that anonymous access is enabled only from the .example.com domain

- jane should be able to connect to it from .example.com

- Everyone from .cracker.org should be denied

ANSWER 11

Edit /etc/hosts.deny

vsftpd:ALL EXCEPT .example.com

#chkconfig --level 35 vsftpd on

#service vsftpd restart

To check: /etc/vsftpd/vsftpd.conf

tcp_wrappers=YES since the default is NO

So look if they did this : tcp_wrappers=NO

or the entry is missing
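
The hosts.deny rule used in Answers 10 and 11 can be checked against sample client names before relying on it. The script below is an added example, not part of the original answers: it is a simplified model of TCP wrappers matching (not tcpd itself), and the client names are constructed.

```bash
#!/bin/sh
# Simplified model of TCP wrappers client matching, NOT tcpd itself:
# handles ALL, exact names, ".domain" suffixes and one EXCEPT per rule.
# (Real tcpd also reads hosts.allow first and compares case-insensitively.)

# Constructed hosts.deny content: the two rules from Answers 10 and 11.
HOSTS_DENY='sshd:ALL EXCEPT .example.com
vsftpd:ALL EXCEPT .example.com'

# match_pattern PATTERN HOST -> exit 0 when HOST matches PATTERN
match_pattern() {
    case $1 in
        ALL) return 0 ;;
        # ".example.com" matches only a longer name that ends with it
        .*)  case $2 in ?*"$1") return 0 ;; *) return 1 ;; esac ;;
        *)   [ "$2" = "$1" ] ;;
    esac
}

# is_denied DAEMON HOST -> exit 0 when a rule in $HOSTS_DENY denies HOST
is_denied() {
    while IFS=: read -r dlist clist; do
        if [ "$dlist" != "$1" ] && [ "$dlist" != ALL ]; then continue; fi
        case $clist in
            *" EXCEPT "*) incl=${clist%% EXCEPT *}; excl=${clist#* EXCEPT } ;;
            *)            incl=$clist; excl= ;;
        esac
        hit=no
        for p in $incl; do
            if match_pattern "$p" "$2"; then hit=yes; fi
        done
        for p in $excl; do      # an EXCEPT match cancels the rule
            if match_pattern "$p" "$2"; then hit=no; fi
        done
        if [ "$hit" = yes ]; then return 0; fi
    done <<EOF
$HOSTS_DENY
EOF
    return 1
}

# Constructed client names, including two look-alikes of example.com.
for h in station9.example.com host.cracker.org example.com.cracker.org badexample.com
do
    if is_denied sshd "$h"; then echo "sshd DENY  $h"; else echo "sshd ALLOW $h"; fi
done
```

Only station9.example.com is allowed; the two look-alike names are denied because the leading dot makes the pattern a whole-label suffix match.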

************

QUESTION 12

- Setup a POP3 server such that eric can connect to it and collect his

mail

- Only accessible by hosts on the .example.com domain

ANSWER 12

iptables -A INPUT -p tcp --dport 110 -s ! 192.168.0.0/24 -d 192.168.0.X -j REJECT

service iptables save

service iptables restart

chkconfig --level 35 iptables on

To check

iptables -L

************

QUESTION 13

- Setup a SMTP server

- john's mails should be spooled to /var/mail/spool/john

- Your server should accept mails from remote networks [internet]

ANSWER 13

a. Edit /etc/mail/sendmail.mc

Find this line:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

add the word dnl to the beginning so it looks like this :

dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

LOCAL_DOMAIN(`localhost.localdomain')dnl <--- change this to your fully qualified domain name

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

# chkconfig --level 35 sendmail on

# service sendmail restart

mail -vs "hai" [email protected]

b. john's mails should be spooled to /var/mail/spool/john

Nothing to do. This is done by default by sendmail*

*************

QUESTION 14

- Setup a mail server such that all the mails to sysadmin should be received by john.

ANSWER 14

(Note by me :-

- In the above all exercises we never created a user called sysadmin

We only created a group called sysadmin

- So create a user called - sysadmin - now

# useradd -g sysadmin sysadmin

- Edit the file /etc/aliases and append the following line:

sysadmin: john

- # chkconfig --level 35 sendmail on

- # newaliases or service sendmail restart

*************

QUESTION 15

- Create a website same as your hostname [stationX here]

- cp ftp://server1/pub/station.html to your document root and

rename it as index.html

(Resolution is provided by the central dns server installed by the

examiner)

ANSWER 15

- vi /etc/httpd/conf/httpd.conf

- ServerName stationX.example.com

- NameVirtualHost stationX.example.com

<VirtualHost stationX.example.com>

ServerAdmin [email protected]

DocumentRoot /var/www/html

ServerName stationX.example.com

ErrorLog logs/stationX.example.com-error_log

CustomLog logs/stationX.example.com-access_log common

</VirtualHost>

- # chkconfig --level 35 httpd on

- # service httpd restart

- # httpd -t

- # elinks http://stationX.example.com

and you should see your home page : station.example.com

or whatever is in index.html

************

QUESTION 16

- Create a samba share /data

- john should be able to only read the contents of /data

- john can be asked for authentication

- Workgroup should be set to EXAMPLE

- The share - data - should be accessible only from .example.com

- The share should be browseable

- Here the password for john will be "password"

ANSWER 16

- Edit /etc/samba/smb.conf

[global]

workgroup=EXAMPLE

encrypt passwords=yes

[data]

path=/data

browseable=yes

read list=john

hosts allow=.example.com (or)192.168.0.

- # chkconfig --level 35 smb on

- # service smb restart

- # testparm

- # smbpasswd -a john

> password

# smbclient -L stationX/data -U john

- # smbclient //stationX/data -U john

> password

smb: \> ls

===============================================================

RHCE PART [30%] Any 2 Additional

===============================================================

***********

QUESTION 17

- Create an encapsulated SSL IMAP server {IMAPS}.

- Create an IMAP certificate for your hostname

- In [CN], put stationX.example.com

ANSWER 17

Install the dovecot rpm

- chkconfig dovecot on

- chkconfig --level 35 dovecot on

vi /etc/dovecot.conf

to enable protocols imap pop3 imaps pop3s

-- cd /etc/pki/tls/certs

- make dovecot.pem

- At that time put stationX.example.com

(or)

make -C /etc/pki/tls/certs dovecot.pem

service dovecot restart

chkconfig --level 35 dovecot on

mutt -f imaps://[email protected]

***********

QUESTION 18

- Extend your webserver to host a virtual site www9.example.com; the document root should be /data/www/

- Here www(X) refers to your station number [stationX]

- cp ftp://server1/pub/www.html to its document root as index.html

- john should be able to write contents to /data/www/

- Resolution of the above VirtualHost is being provided by the central DNS

server installed by the examiner.

ANSWER 18

NameVirtualHost stationX.example.com

<VirtualHost stationX.example.com>

ServerAdmin [email protected]

DocumentRoot /var/www/html

ServerName stationX.example.com

ErrorLog logs/stationX.example.com-error_log

CustomLog logs/stationX.example.com-access_log common

</VirtualHost>

<VirtualHost wwwX.example.com>

ServerAdmin [email protected]

DocumentRoot /data/www

ServerName wwwX.example.com

ErrorLog logs/wwwX.example.com-error_log

CustomLog logs/wwwX.example.com-access_log common

</VirtualHost>

- # chkconfig --level 35 httpd on

- # service httpd restart

- # httpd -t

- # elinks http://wwwX.example.com

and you should see your home page : www.example.com

**************

QUESTION 19

- Create a web proxy server which should service all hosts on

.example.com domain & listens on port 8080. (SQUID proxy server)

ANSWER 19

- Edit /etc/squid/squid.conf

- search for the string 3128 and replace it with 8080

acl proxy1 src 192.168.0.0/24

http_access allow proxy1

http_access deny all

visible_hostname <your hostname >

cache_mem 8 MB

- chkconfig --level 35 squid on

- service squid restart

Note by me :-

1) All the services should be available even after reboot. Thus make sure you have enabled the required services in ntsysv. Otherwise no marks will be provided for that.

(For e.g.: Suppose you forget to tick the sshd server in ntsysv even though you have set it up properly; starting the service by hand is not valid.)

2) Only providing the above services is not enough; the security of each service has to be taken care of, otherwise no marks will be provided if the service is accessible to those who are not intended to have it.

AT THE END I HAVE FOLLOWING SERVICES TICKED IN NTSYSV IN RUNLEVEL 3.

sshd,portmap,netfs,nfs,ypbind,crond,anacrond,echo,squid,sendmail,network,ipop3,vsftpd,imaps,samba,httpd,keytable,random,xinetd,lpd,ip4,
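
The reboot-persistence requirement in note 1 can be verified from the command line instead of by eye in ntsysv. The script below is an added example, not part of the original notes: it parses `chkconfig --list` output and reports every required service that is not on in both runlevels 3 and 5 (the levels used with `chkconfig --level 35` throughout the answers). The sample listing is constructed.

```bash
#!/bin/sh
# Constructed sample of `chkconfig --list` output (one service per line,
# then the on/off state for runlevels 0-6).
CHKCONFIG_LIST='sshd      0:off 1:off 2:on  3:on  4:on  5:on  6:off
httpd     0:off 1:off 2:off 3:on  4:off 5:off 6:off
squid     0:off 1:off 2:off 3:off 4:off 5:off 6:off
vsftpd    0:off 1:off 2:off 3:on  4:off 5:on  6:off'

# not_persistent LISTING SERVICE...
# Prints each SERVICE that is not "on" in BOTH runlevel 3 and runlevel 5,
# or that does not appear in LISTING at all.
not_persistent() {
    listing=$1
    shift
    for svc in "$@"; do
        printf '%s\n' "$listing" | awk -v s="$svc" '
            $1 == s {
                found = 1
                for (i = 2; i <= NF; i++) state[$i] = 1
                if (!("3:on" in state) || !("5:on" in state)) print s
            }
            END { if (!found) print s }'
    done
}

# Service names taken from the answers on this page; dovecot is left out of
# the sample listing on purpose to show the "not registered" case.
not_persistent "$CHKCONFIG_LIST" sshd httpd squid vsftpd dovecot
```

On a live system, pass the real listing instead of the sample: `not_persistent "$(chkconfig --list)" sshd httpd squid`. An empty result means every named service will start at boot in runlevels 3 and 5.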

BEST OF LUCK TO YOU ALL !!!!!!!!!!!!!!

1. To configure NTP (Network Time Protocol)

Answer: system-config-date

To select tab for network time ---add 192.168.0.254 –Advanced –to select Syn