
Rhce Rhcsa Paper


RHCSA(EX200) & RHCE(EX300) Paper

Read all the instructions carefully

RHCSA exam is 2.5 hours long. 300 Marks-------------Min Marks is 210.

RHCE exam is 2.0 hours long. 300 Marks-------------Min Marks is 210.

Students have to bring original photo ID proof and a passport-size photograph.

Fill up the form. After filling in the form you will be provided with a username and password for the base machine. The password provided is for a local user, not admin.

Login to the base machine.

After logging in to the base machine you are supposed to see a file on the Desktop in which information regarding the exam is given.

There is also an icon on the Desktop; by clicking it you will be able to access your Virtual Machine.

You will solve all the questions in the virtual machine.

As there is no browser installed on the Virtual Machine, you are supposed to open your exam paper on the Base Machine.

The packages can be installed using FTP from ftp://192.168.0.254/pub/rhel6/dvd

RHCSA PAPER

1). First step is to crack the password of the Virtual Machine

On start up, press e (for edit)

Now go to the second line

Press e (for edit)

Now add a space and type 1 (or s), then press Enter

Now press b

Now we change the password for root

setenforce 0

passwd root

reboot

2). Set up an IP address for the virtual machine: IP address 192.168.0.y, subnet mask 255.255.255.0, default gateway 192.168.0.254, nameserver 192.168.0.254, and hostname serverx.example.com (where "x" is the fourth byte of the base machine IP & y=x+100).

Right click on Network Manager (in graphical)

Edit connections

Add

IPv4 setting

Now select manual

Now click on add

Add details as per above mentioned

Apply

service NetworkManager restart

chkconfig NetworkManager on

Hostname

hostname serverX.example.com

vim /etc/sysconfig/network

Now edit hostname: HOSTNAME=serverx.example.com

service network restart

nslookup serverX.example.com

ping 192.168.0.254

ethtool eth0

iptables -F

service iptables save

service iptables restart

chkconfig iptables on

By default Firefox is not installed on the VM, so we can install Firefox on the VM

First create a yum repository

vim /etc/yum.repos.d/exam.repo

[exam]

baseurl=ftp://192.168.0.254/pub/rhel6/dvd

gpgcheck=0

3). Create a new Partition

Your system has a new physical partition mounted under /common with a 400MiB ext4 file system. [Note: Because partition sizes are seldom exactly whatever specified when they are created, anything within the range of 350 to 450MB is acceptable.]

fdisk -l /dev/vda

fdisk /dev/vda

n

e

3

9837

Whole memory

Enter

w

fdisk /dev/vda

n

l

Enter

+400M

w

partx -a /dev/vda

mkfs.ext4 /dev/vda5

mkdir /common

vim /etc/fstab

/dev/vda5 /common ext4 defaults 0 0

mount -a

df -h

4). Create the following users, groups, and group memberships:

Create the following users, groups, and group memberships:

A group named sysadmin.

A user natasha who belongs to sysadmin as a secondary group.

A user sarah who also belongs to sysadmin as a secondary group.

A user harry who does not have access to an interactive shell on the system, and who is not a member of sysadmin.

natasha, sarah and harry should all have the password of thuctive.

groupadd sysadmin

useradd natasha

usermod -G sysadmin natasha

useradd sarah

usermod -G sysadmin sarah

useradd -s /sbin/nologin harry

passwd natasha

thuctive

passwd sarah

thuctive

passwd harry

thuctive

5). Create a collaborative directory

Create a collaborative directory /common/admin with the following characteristics:

Group ownership of /common/admin is sysadmin.

The directory should be readable, writable, and accessible to members of sysadmin, but not to any other user.

(It is understood that root has access to all files and directories on the system.)

Files created in /common/admin automatically have group ownership set to the sysadmin group.

mkdir /common/admin

chgrp sysadmin /common/admin

ll -d /common/admin

chmod 770 /common/admin

chmod 2770 /common/admin (for giving new files the group ownership of the sysadmin group)

su - natasha

cd /common/admin/

touch arp

ls -l

exit

6). Install the appropriate kernel

Install the appropriate kernel update from: ftp://instructor.example.com/pub/updates. The following criteria must also be met:

The updated kernel is the default kernel when the system is rebooted.

The original kernel remains available and bootable on the system.

Click on link

After that you will find two rpm packages

1) kernel 2) kernel-firmware

Download both of them to the desktop

First install kernel-firmware

Now install kernel

Just by double clicking on them

The kernel entries will be in /boot/grub/grub.conf: vim /boot/grub/grub.conf

7). Enable IP forwarding on your machine

Enable IP forwarding on your machine

vim /etc/sysctl.conf

At line no 7: net.ipv4.ip_forward = 1

sysctl -p (for cross check)

8). Implement a web server

Implement a web server for the site http://serverx.example.com then perform the following steps:-

Download ftp://instructor.example.com/pub/rhce/station.html

Rename the downloaded file to index.html

Copy this index.html to the Document Root of your web server

Do NOT make any modifications to the content of index.html

yum install httpd* -y

cd /var/www/html

wget ftp://instructor.example.com/pub/rhce/station.html

ls

mv station.html index.html

service httpd restart

chkconfig httpd on

9). Resize the LVM partition

Resize the LVM partition "home" to 150MiB.

w

lvdisplay

df -h

umount /dev/vgsrv/home

e2fsck -f /dev/vgsrv/home

resize2fs /dev/vgsrv/home 150M

lvreduce -L 150M /dev/vgsrv/home

mount -a

lvdisplay

df -h

To extend, we use the following commands

lvextend -L 250M /dev/vgsrv/home

resize2fs -f /dev/vgsrv/home

mount -a

10). Configure FTP access

Configure FTP access on your system:

Clients within the example.com domain should have anonymous FTP access to your machine

yum install vsftpd

service vsftpd restart

chkconfig vsftpd on

Turn on the SELinux booleans

getsebool -a | grep ftp (booleans 1 and 5 in the output)

setsebool -P <boolean name> on

11). Configure a cron job

The user natasha must configure a cron job that runs daily at 14:23 local time and executes /bin/echo hiya

crontab -u natasha -e

23 14 * * * /bin/echo "hiya"

service crond restart

chkconfig crond on

crontab -u natasha -l

12). SELinux must be running in the Enforcing mode.

SELinux must be running in the Enforcing mode.

sestatus

setenforce 1

vim /etc/selinux/config

getenforce

13). Copy the file /etc/fstab to /var/tmp

Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that:

The file /var/tmp/fstab is owned by the root user.

The file /var/tmp/fstab belongs to the group root.

The file /var/tmp/fstab should not be executable by anyone.

The user natasha is able to read and write /var/tmp/fstab.

The user sarah can neither write nor read /var/tmp/fstab.

[Note: all other users (current or future) have the ability to read /var/tmp/fstab.]

cp /etc/fstab /var/tmp

ll /var/tmp/fstab

setfacl -m u:natasha:rw- /var/tmp/fstab

setfacl -m u:sarah:--- /var/tmp/fstab

getfacl /var/tmp/fstab

14). Configure NTP

Configure your system so that it is an NTP client of instructor.example.com.

ntpdate -b 192.168.0.254

service ntpd stop

vim /etc/ntp.conf

server 192.168.0.254

service ntpd start

chkconfig ntpd on

15). Find the files

Find the files on your system which are owned by the user natasha & copy all the files to the /backup/somefile directory

w

find / -user natasha

find / -user natasha -exec cp -rvf {} /backup/somefile/ \;

mkdir -p /backup/somefile; find / -user natasha -exec cp -a -rvf {} /backup/somefile \;

ls -l /backup/somefile/

16). Create a swap partition

Create a SWAP partition of 450 megabytes and make it available at next reboot.

free -m

fdisk /dev/vda

n

l

+450M

t

6

82

w

partx -a /dev/vda

mkswap /dev/vda6

swapon /dev/vda6

free -m

vim /etc/fstab

/dev/vda6 swap swap defaults 0 0

mount -a

free -m

17). Authenticate users from LDAP Directory Servers

Authenticate users from LDAP Directory Servers which have:

ServerName: instructor.example.com.

Base DN: dc=example,dc=com.

Download certificate from ftp://instructor.example.com/pub/EXAMPLE-CA-CERT

Authenticate with users ldapuserx which have the password of password.

Configure autofs such that the server's home directory instructor.example.com:/home/guests/ldapuserx is mounted on /home/guests/ldapuserx.

Now ldap client configuration

yum install openldap* -y

system-config-authentication

First choose Identity & Authentication tab

In user account configuration choose ldap user

Now write Base DN: dc=example,dc=com

& ldap server name: instructor.example.com

Now click on use TLS to encrypt

Now click on Download CA certificate

Now enter url as ftp://instructor.example.com/pub/EXAMPLE-CA-CERT

Now in authentication method choose ldap password

chkconfig sssd on

su - ldapuser7

Here an error is shown. To remove the error, we make a directory & mount the server directory on it

mkdir -p /home/guests/ldapuser7

mount 192.168.0.254:/home/guests/ldapuser7 /home/guests/ldapuser7

su - ldapuser7

logout

Now we can also use another way to do this task

Add entry in file

vim /etc/auto.master

/home/guests /etc/auto.misc

Add other entry in file as

vim /etc/auto.misc

ldapuser7 -rw,soft,intr instructor.example.com:/home/guests/ldapuser7

Due to a bug, first stop the service & then start it

service autofs stop

service autofs start

chkconfig autofs on

su - ldapuser7

18). Create a user with uid

Create a user named neo with uid 1337 and set the password to password:

useradd -u 1337 neo

tail -1 /etc/passwd

passwd neo

password

19). Create the lvm partition with P.E.

Create the volume group with name myvol with 8 MiB P.E. and create the lvm name mydatabase with the 20 P.E. and format this lvm with vfat and create a directory /database and mount this lvm permanently on /database.

fdisk /dev/vda

n

l

+167M

t

7

8e

w

partx -a /dev/vda

pvcreate /dev/vda7

vgcreate -s 8M myvol /dev/vda7

vgdisplay myvol

lvcreate -L 160M -n mydatabase myvol

lvdisplay

mkfs.vfat /dev/myvol/mydatabase

mkdir /database

vim /etc/fstab

/dev/myvol/mydatabase /database vfat defaults 0 0

mount -a

df -h

20). Find the string

Find the string root from /etc/passwd file and save the result in /searchfile.

grep "root" /etc/passwd > /searchfile

cat /searchfile

/usr/local/sbin/install-vserver (for installing the virtual machine)

RHCE PAPER

Two networks have been given here

example.com-------192.168.0.0/255.255.255.0

cracker.org---------172.24.0.0/255.255.0.0

iptables -F

service iptables save

service iptables restart

chkconfig iptables on

Now create yum

1). Configure SSH access

Configure SSH access as follows:

sarah has remote SSH access to your machine from within example.com

Clients within cracker.org should NOT have access to ssh on your System

vim /etc/ssh/sshd_config

AllowUsers sarah root

Here we use TCP wrapper security. We make the following entries

vim /etc/hosts.allow

sshd: 192.168.0.0/255.255.255.0

vim /etc/hosts.deny

sshd: 172.24.0.0/255.255.0.0

service sshd restart

chkconfig sshd on

2). Restrict crontab

User neo should not be able to use crontab.

For this, make an entry in the file mentioned below

vim /etc/cron.deny

neo

service crond restart

chkconfig crond on

3). Configure FTP access

Configure FTP access on your system:

Clients within the example.com domain should have anonymous FTP access to your machine

Clients outside example.com should NOT have access to your FTP service.

yum install vsftpd* -y

yum install ftp* -y

vim /etc/hosts.allow

vsftpd: 192.168.0.0/255.255.255.0

vim /etc/hosts.deny

vsftpd: ALL

service vsftpd restart

chkconfig vsftpd on

ftp 192.168.0.110

ftp 127.0.0.1

Turn the booleans on again, as in the previous FTP question

getsebool -a | grep ftp

allow_ftpd_anon_write (1)

ftp_home_dir (5)

setsebool -P allow_ftpd_anon_write 1

setsebool -P ftp_home_dir 1
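
The hosts.allow and hosts.deny entries used for SSH in question 1 and for FTP in this question are evaluated in a fixed order. The shell sketch below is an added example, not part of the original paper: it models that order for the two pattern forms used here (ALL and network/netmask) over constructed rule sets, and compares a 255.255.0.0 with a 255.255.255.0 mask on the cracker.org deny entry, since cracker.org is given as 172.24.0.0/255.255.0.0. All function and variable names are this example's own.

```shell
#!/bin/sh
# Added example: model of the TCP wrappers access check (hosts_access(5)).
# Only the two client patterns used on this page are handled:
# "ALL" and "network/netmask".

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net IP NET/MASK -> succeeds when IP lies inside NET/MASK
in_net() {
    net_i=$(ip_to_int "${2%/*}")
    mask_i=$(ip_to_int "${2#*/}")
    ip_i=$(ip_to_int "$1")
    [ $(( $ip_i & $mask_i )) -eq $(( $net_i & $mask_i )) ]
}

# rule_matches RULES DAEMON IP -> succeeds on the first "daemon: pattern" line that matches
rule_matches() {
    while IFS=: read -r daemon pattern; do
        pattern=${pattern# }                  # drop the space after the colon
        [ "$daemon" = "$2" ] || continue
        if [ "$pattern" = "ALL" ] || in_net "$3" "$pattern"; then
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# tcpd_decision DAEMON IP ALLOW_RULES DENY_RULES -> prints "allow" or "deny"
tcpd_decision() {
    if rule_matches "$3" "$1" "$2"; then
        echo allow          # 1. a match in hosts.allow grants access
    elif rule_matches "$4" "$1" "$2"; then
        echo deny           # 2. otherwise a match in hosts.deny refuses it
    else
        echo allow          # 3. no match in either file: access is granted
    fi
}

# Constructed rule sets mirroring the entries on this page.
ALLOW='sshd: 192.168.0.0/255.255.255.0
vsftpd: 192.168.0.0/255.255.255.0'
DENY_16='sshd: 172.24.0.0/255.255.0.0
vsftpd: ALL'
DENY_24='sshd: 172.24.0.0/255.255.255.0
vsftpd: ALL'

for ip in 192.168.0.50 172.24.0.7 172.24.9.7 10.1.1.1; do
    echo "$ip sshd(mask 255.255.0.0)=$(tcpd_decision sshd "$ip" "$ALLOW" "$DENY_16")" \
         "sshd(mask 255.255.255.0)=$(tcpd_decision sshd "$ip" "$ALLOW" "$DENY_24")" \
         "vsftpd=$(tcpd_decision vsftpd "$ip" "$ALLOW" "$DENY_16")"
done
```

With the 255.255.255.0 mask only 172.24.0.x is refused, so 172.24.9.7 still reaches sshd. An address in neither network (10.1.1.1) is allowed for sshd but refused for vsftpd, because only the vsftpd deny entry is ALL.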

4). Share the /common directory via SMB

Share the /common directory via SMB:

Your SMB server must be a member of the STAFF workgroup

The share’s name must be common.

The shared share must be available to example.com domain clients only

The shared share must be browseable.

sarah must have read access to the share, authenticating with the same password flectrag, if necessary.

mkdir /common

yum install samba* -y

vim /etc/samba/smb.conf

workgroup=STAFF

[common]

path=/common

browseable=yes

valid users=sarah

hosts allow=192.168.0.0/255.255.255.0

read only=yes

useradd sarah

smbpasswd -a sarah

ls -lZ /etc/samba/smb.conf

ll -dZ /common

ll -dZ /etc/samba

chcon -t samba_share_t /common

service smb restart

chkconfig smb on

smbclient //192.168.0.110/common -U sarah

5). Implement a web server

Implement a web server for the site http://serverX.example.com then perform the following steps:-

Download ftp://instructor.example.com/pub/rhce/station.html

Rename the downloaded file to index.html

Copy this index.html to the Document Root of your web server

Do NOT make any modifications to the content of index.html

yum install httpd* -y

cd /var/www/html

wget ftp://instructor.example.com/pub/rhce/station.html

mv station.html index.html

vim /etc/httpd/conf/httpd.conf

NameVirtualHost 192.168.0.110:80

<VirtualHost 192.168.0.110:80>

DocumentRoot /var/www/html

ServerName server10.example.com

</VirtualHost>

service httpd restart

chkconfig httpd on

clients http://server10.example.com

6). Extend your web server

Extend your web server to include a virtual host for the site http://wwwx.example.com/, where x is your station number, then perform the following steps:

Set the DocumentRoot to /var/www/virtual

Download ftp://instructor.example.com/pub/rhce/www.html

Rename the downloaded file to index.html

Place this index.html in the DocumentRoot of the virtual host

Do NOT make any modifications to the content of index.html

Ensure that sarah is able to create content in /var/www/virtual

[Note: The original web site http://serverX.example.com must still be accessible. DNS resolution for the hostname wwwx.example.com is already provided by the name server on instructor.example.com.]

mkdir /var/www/virtual

cd /var/www/virtual

wget ftp://instructor.example.com/pub/rhce/www.html

mv www.html index.html

vim /etc/httpd/conf/httpd.conf

NameVirtualHost 192.168.0.110:80

<VirtualHost 192.168.0.110:80>

DocumentRoot /var/www/html

ServerName server10.example.com

</VirtualHost>

<VirtualHost 192.168.0.110:80>

DocumentRoot /var/www/virtual

ServerName www10.example.com

</VirtualHost>

service httpd restart

chkconfig httpd on

clients http://server10.example.com

clients http://www10.example.com

setfacl -m u:sarah:rwx /var/www/virtual

7). Configure Web Server access

Implement a web server for the site http://serverX.example.com then perform the following steps:-

Create a directory in your DocumentRoot named "restrict"

Download ftp://instructor.example.com/pub/rhce/station.html

Rename the downloaded file to index.html

Copy this index.html to the "restrict" directory in the DocumentRoot of your web server


Do NOT make any modifications to the content of index.html

"restrict" directory should not be accessible to anyone except example.com network

yum install httpd* -y;mkdir /var/www/html/restrict;cd /var/www/html/restrict;wget ftp://instructor.example.com/pub/rhce/station.html; mv station.html index.html;

vim /etc/httpd/conf/httpd.conf

<Directory /var/www/html/restrict>

Order allow,deny

Allow from 192.168.0.0/255.255.255.0

</Directory>

service httpd restart

chkconfig httpd on

8). Export your /common directory via NFS

Export your /common directory via NFS to the example.com Domain only.

[Note: because you will not have root access, you will not be able to directly mount your exported /common directory using your guest account on the system provided for testing. However, the auto-mounter on the system has been configured such that it will automount your /common directory under /home/guestx/nfs/stationx, where x is your station number. Consequently, successful execution of ls /home/guestx/nfs/stationx indicates that the automounter was able to automount your NFS share.]

rpm -q nfs-utils

yum install nfs-utils

vim /etc/exports

/common 192.168.0.0/255.255.255.0(ro,sync)

service nfs restart

chkconfig nfs on

service rpcbind restart

chkconfig rpcbind on

showmount -e

9). Configure an email alias

Configure an email alias for your MTA such that mail sent to admin is received by the local user sarah.

vim /etc/aliases

admin: sarah (add this entry at the end of the file)

Now save the file & run the following command:

newaliases

10). Configure SMTP mail service

Configure SMTP mail service according to the following requirements:

Your mail server should accept mail from remote hosts and localhost.

Sarah must be able to receive mail from remote hosts. Mail delivered to sarah should spool into the default mail spool for sarah, /var/spool/mail/sarah.

yum install postfix* -y

vim /etc/postfix/main.cf

At line no 113

inet_interfaces = all

#inet_interfaces = localhost

service postfix restart

chkconfig postfix on

yum install telnet* -y

telnet 127.0.0.1 25

quit

telnet 192.168.0.110 25

quit

11). Mount iso image

Download ftp://instructor.example.com/pub/iso/boot.iso

Mount this ISO permanently as read-only on /mnt/iso

mkdir /mnt/iso

vim /etc/fstab

/root/Desktop/boot.iso /mnt/iso iso9660 defaults,loop,ro 0 0

mount -a

df -h

12). Configure an iscsi

Discover an iSCSI device on your system and create a partition on that device of size 10 MiB mounted under directory /iscsi. Create a file named abc.txt in /iscsi directory. Configure permission of that file such that user sarah can read, write and execute this file.

yum install iscsi-initiator-utils -y

iscsiadm -m discovery -t st -p 192.168.0.254:3260

Trying to login with the iSCSI

Now copy iqn.2012-10.com.example:disk1

iscsiadm -m node -T iqn.2012-10.com.example:disk1 -p 192.168.0.254:3260 -l

fdisk -l

fdisk /dev/sda

make 10MB partition

partprobe /dev/sda

mkfs.ext4 /dev/sda1

Checking the UUID for disk

blkid /dev/sda1

now copy UUID="71e86162-011d-49f1-9b4a-9f95a277e6b5"

Add the next entry in /etc/fstab file

vim /etc/fstab

UUID=71e86162-011d-49f1-9b4a-9f95a277e6b5 /iscsi ext4 defaults,_netdev,acl 0 0

mkdir /iscsi

mount -a

df -h

cd /iscsi/

touch abc.txt

setfacl -m u:sarah:rwx /iscsi/abc.txt

13). Configure script

Create a script in /progrram with the name script.sh to do the following

When kernel is passed as an argument then the output is user.

When user is passed as argument then the output is kernel.

When neither kernel nor user is passed then the output is "--stdin error".

mkdir /progrram

cd /progrram

touch script.sh

chmod +x script.sh

vim script.sh

#!/bin/bash

if [ "$1" == "kernel" ]

then

echo "user"

elif [ "$1" == "user" ]

then

echo "kernel"

else

echo "--stdin error"

fi

Now save the file and run test.

sh script.sh

14). Pass the parameter to kernel

Pass the parameter to kernel.

Pass the parameter "kernelbp=1" to the kernel.

Enter this value at the end of the kernel line in /etc/grub.conf

vim /etc/grub.conf

Now save and restart the machine

And now check with this

cat /proc/cmdline