RHCE exam notes (pay attention to the SELinux configuration; setroubleshootd is installed, restart it)

Note: your IP, host name, gateway and DNS have already been configured.
IP: 172.24.30.5/24
Host name: station.domain30.example.com
vim /etc/hosts
    172.24.30.5 station.domain30.example.com        (add the host name to IP mapping to the hosts file)
You are a member of the domain domain30.example.com. The other domain is t3gg.com, network 172.25.0.0/16.

1. Set the SELinux status to enforcing
setenforce 1
vim /etc/sysconfig/selinux
    SELINUX=enforcing

2. Turn on the ip_forward function and make it permanent
vim /etc/sysctl.conf
    net.ipv4.ip_forward = 1
sysctl -p                                       (makes it effective immediately)
If you do not want to use sysctl.conf, the following commands do the same:
sysctl -a | grep net.ipv4                       (shows the current value)
sysctl -w net.ipv4.ip_forward=1

3. Configure ssh so that users in the domain can access it and all non-domain access is rejected
yum install -y openssh
chkconfig sshd on
vim /etc/hosts.deny
    sshd: ALL                                   (reject everyone)
vim /etc/hosts.allow
    sshd: 172.24.30.0/255.255.255.0             (allow access from this domain)
    sshd: 127.0.0.1/255.0.0.0                   (allow local access; write the mask in dotted form only)
Restricting sshd access this way: hosts.allow is read first, then hosts.deny. The configuration above allows sshd connections only from the local host and from the domain, and refuses sshd connections from outside the domain.
(Using iptables instead:
iptables -F                                     (delete all rules)
iptables -F -t nat
iptables -X                                     (delete custom chains)
iptables -L                                     (view the rules)
iptables -A INPUT -s 172.25.0.0/16 -p tcp --dport 22 -j REJECT       (reject access to port 22 from the other domain)
service iptables save                           (save after each set of iptables rules you finish)
Or:
iptables -A INPUT ! -s 172.24.30.0/24 -p tcp --dport 22 -j REJECT    (reject everything outside this domain)
iptables -I INPUT -s 127.0.0.1 -j ACCEPT        (insert at the top of the chain a rule that allows local access)
service iptables save                           (save the rules)
If you made a mistake, you can edit /etc/sysconfig/iptables with vim.)

4. Configure anonymous ftp so that files can be downloaded from the /var/ftp/pub directory, and reject access from the other domain
yum -y install vsftpd
chkconfig vsftpd on
service vsftpd start
vim /etc/hosts.deny
    vsftpd: ALL
vim /etc/hosts.allow
    vsftpd: 172.24.30.0/255.255.255.0
    vsftpd: 127.0.0.1/255.0.0.0
Or:
iptables -A INPUT -s 172.25.0.0/16 -p tcp --dport 21 -j REJECT       (reject access to port 21 from the other domain)
service iptables save                           (save the rules)

5. Mount /root/cdrom.iso under /opt/data and make it mount automatically at boot
mkisofs -o cdrom.iso /etc/                      (makes an image file named cdrom.iso from the whole /etc/ directory, if you need one to practise with)
cd /opt/
mkdir data
mount -o loop /root/cdrom.iso /opt/data         (test whether it mounts)
vim /etc/fstab
    /root/cdrom.iso    /opt/data    iso9660    defaults,loop    0 0
mount -a                                        (mounts every entry in fstab that is not yet mounted)

6. Configure the web server so that it can be accessed at http://station.domain30.example.com
rpm -qa | grep httpd
yum -y install httpd
chkconfig httpd on
cd /var/www/html/
wget http://ip/dir/example.html                 (a file downloaded here inherits the SELinux security context of the current directory)
mv example.html index.html

7. Configure a virtual host on the web server. http://www.domain30.example.com must serve the pages in the /www/virtual directory, downloaded from http://ip/dir/example.html, and http://station.domain30.example.com must still serve the same content as before.
mkdir -p /www/virtual
cd /www/virtual
wget http://ip/dir/example.html
mv example.html index.html
chcon --reference /var/www/ /www/ -R            (because of SELinux, give /www/ the same security context as /var/www/)
vim /etc/httpd/conf/httpd.conf
    NameVirtualHost *:80                        (uncomment this line)
    <VirtualHost *:80>                          (uncomment the example block at the end of the file and edit it)
        ServerAdmin [email protected]            (uncomment this line)
        DocumentRoot /www/virtual               (uncomment this line and fill in the document root)
        ServerName www.domain30.example.com     (uncomment this line and fill in the host header)
        #ErrorLog logs/dummy-host.example.com-error_log
        #CustomLog logs/dummy-host.example.com-access_log common
    </VirtualHost>                              (uncomment this line)
    <VirtualHost *:80>                          (copy the block above to create this one)
        DocumentRoot /var/www/html/             (fill in the document root)
        ServerName station.domain30.example.com (fill in the host header)
    </VirtualHost>
service httpd restart
Test with elinks:
yum -y install elinks
elinks --dump station.domain30.example.com
elinks --dump www.domain30.example.com

8. Download the file from http://ip/dir/restircted.html. It may only be reached by local users on this machine via http://station.domain30.example.com/restircted, non-local access is rejected, and the user harry has write access to the directory.
cd /var/www/html
mkdir restircted
cd restircted
wget http://ip/dir/restircted.html
Test with elinks:
elinks station.domain30.example.com/restircted
vim /etc/httpd/conf/httpd.conf
Create a Directory block that specifies the restrictions on the directory:
    <Directory "/var/www/html/restircted">
        Order deny,allow                        (defines the order in which deny and allow are evaluated)
        Deny from all                           (deny everyone first)
        Allow from 172.25.30.5/16               (then allow; this rejects the other domain t3gg.com)
    </Directory>
setfacl -m u:harry:rwx restircted

9. Configure an NFS server: share the /common directory to the domain30.example.com domain and allow the client's root user to access it with root privileges
yum install -y nfs*
chkconfig nfs on
service nfs restart
chkconfig rpcbind on                            (turn this on as well)
vim /etc/exports
    /common 172.24.30.0/255.255.255.0(rw,no_root_squash)
showmount -e 172.16.30.5
mount -t nfs 172.16.30.5:/common /mnt           (test)

10. Configure a samba server: share /common so that it can be browsed, and the user harry can read the share; if needed, harry's samba password is harryuser.
yum install -y samba
chkconfig smb on
chkconfig nmb on
service nmb start
service smb start
useradd harry                                   (there must be a local user of this name)
smbpasswd -a harry                              (set the password to harryuser)
pdbedit -L                                      (list the samba users)
vim /etc/samba/smb.conf
    [common]
    path = /common
    hosts allow = 127. 172.24.30.               (allow access from the local machine and the domain)
chcon -t samba_share_t /common -R               (the parameter name can be found in smb.conf by searching for chcon; you must do this when SELinux is enabled)
smbclient //172.24.30.5/common -U harry         (test with ls and mget)

11. Configure a mail server for the domain domain30.example.com. The user harry must be able to connect to the server locally or from the network to send and receive mail. harry's mailbox is /var/spool/mail/harry. Note that the DNS server already provides the MX record for you.
yum install -y postfix
chkconfig postfix on
alternatives --config mta                       (if sendmail is installed, switch the MTA to postfix)
chkconfig sendmail off                          (sendmail must not start at boot)
vim /etc/postfix/main.cf                        (change four places)
    myhostname = station.domain30.example.com   (your own host name)
    mydomain = domain30.example.com             (your own domain name)
    inet_interfaces = all                       (uncomment this line)
    #inet_interfaces = localhost                (comment this line out: when the same parameter appears twice the later value wins, so this line must be commented)
    mydestination = $myhostname, $mydomain, localhost     (accept mail for your own domain)
service postfix restart
Test:
lsof -i :25                                     (port 25 is being listened on)
mail harry
Subject: test
data
.
cd /var/spool/mail
cat harry
Or:
telnet station.domain30.example.com 25
(220 station.domain30.example.com ESMTP Postfix)     (you can now send mail)
mail from: [email protected]
rcpt to: [email protected]
data
subject: harry
harry
.
quit

Receiving server configuration:
yum -y install dovecot
service dovecot restart
lsof -i :110
chkconfig dovecot on
cd /etc/dovecot/conf.d/
vim 10-mail.conf
    mail_location = mbox:~/mail:INBOX=/var/mail/%u      (uncomment this line)
vim 10-auth.conf
    disable_plaintext_auth = no                 (uncomment this line and change yes to no)
Test:
telnet station.domain30.example.com 110
(+OK Dovecot ready.)                            (this line should appear)
user harry
pass harry
list                                            (list the mail)
retr 1                                          (view the message content)
quit

12. Connect mail sent to admin on the mail server so that the user harry receives it
vim /etc/aliases
    admin: harry
newaliases                                      (generates the aliases.db file)
ll /etc/aliases.db
Test:
mail admin
Subject: admin
admin
.
cat /var/spool/mail/harry

13. Configure the kernel parameter rhelblq=1 and verify your kernel parameter via /proc/cmdline
vim /etc/grub.conf                              (append it to the end of the kernel line)
After the reboot, check with:
cat /proc/cmdline

14. Configure the system so that the user tom is not allowed to use cron
useradd tom
vim /etc/cron.deny                              (add tom, one user per line; save and exit, it takes effect immediately)

15. Write a script /root/program: when the parameter given to the script is kernel, the script prints user; when the parameter is user, the script prints kernel. When the script gets no parameter or a wrong parameter it prints "usage:/root/program kernel|user" on standard error.
vim /root/program
    #!/bin/bash
    # exactly one argument is expected
    if [ $# -eq 1 ]; then
        if [ "$1" = kernel ]; then
            echo "user"
        elif [ "$1" = user ]; then
            echo "kernel"
        else
            # wrong argument: the usage message goes to standard error
            echo "usage:/root/program kernel|user" >&2
        fi
    else
        # no argument (or too many): the usage message goes to standard error
        echo "usage:/root/program kernel|user" >&2
    fi
Test:
chmod a+x /root/program
/root/program kernel
/root/program user
/root/program lll

16. Access the iSCSI shared storage. The storage server's address is 172.24.30.100; separate 1500M of space, format it as an ext3 file system, mount it under /mnt/data and make it mount automatically at boot.
yum install -y iscsi*
chkconfig iscsid on
chkconfig iscsi on
iscsiadm -m discovery -t st -p 172.24.30.100:3260
iscsiadm -m node -T iqn.2011 -p 172.24.30.100 -l     (use the full target name shown by the discovery; -u logs out)
service iscsi restart
fdisk -l
fdisk /dev/sda                                  (create the 1500M partition)
partx -a /dev/sda
partx -a /dev/sda
mkfs.ext3 /dev/sda1
yum -y install tree
cd /var/lib/iscsi
tree .                                          (view the iqn)
cd /mnt
mkdir data
blkid /dev/sda1                                 (shows the UUID; use the UUID to mount)
vim /etc/fstab
    UUID=XXX    /mnt/data    ext3    defaults,_netdev    0 0
mount -a

yum -y install ftp
cd /mnt/data
ftp ip                                          (log in with the user name ftp and an empty password)
mget file*                                      (wildcard download)
exit
iscsiadm options: -l logs in, -u logs out, -o delete deletes the node record
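Worked example for tasks 3 and 4 (added here; it is not part of the exam notes and not a Red Hat tool): a POSIX shell simulation of the decision tcp_wrappers makes from hosts.allow and hosts.deny for a given daemon and client address. The two rule lists are constructed inline to mirror the sshd and vsftpd lines above. The matcher also accepts the CIDR form used by the iptables rules, so the same helper answers whether an address falls inside 172.24.30.0/24.

```shell
#!/bin/sh
# Added example (not part of the exam notes): simulate the tcp_wrappers decision
# that hosts.allow / hosts.deny make for sshd and vsftpd in tasks 3 and 4.
# tcp_wrappers reads hosts.allow first, then hosts.deny; the first matching
# line wins, and a client that matches neither file is allowed.
# The rule lists are constructed inline (mirroring the notes) instead of
# being read from /etc/hosts.allow and /etc/hosts.deny, so this runs anywhere.

HOSTS_ALLOW='sshd: 172.24.30.0/255.255.255.0
sshd: 127.0.0.1/255.0.0.0
vsftpd: 172.24.30.0/255.255.255.0
vsftpd: 127.0.0.1/255.0.0.0'

HOSTS_DENY='sshd: ALL
vsftpd: ALL'

# ip2int 172.24.30.5 -> 2887261701 (dotted quad to 32-bit integer)
ip2int() {
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mask2int accepts a dotted mask (255.255.255.0, the tcp_wrappers form) or
# a prefix length (24, the CIDR form used by the iptables rules in the notes)
mask2int() {
    case "$1" in
        *.*) ip2int "$1" ;;
        *)   echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )) ;;
    esac
}

# pattern_matches PATTERN IP: returns 0 when the client matches the pattern.
# Supports ALL, net/mask or net/prefix, a trailing-dot prefix such as
# "172.24.30." (also the smb.conf "hosts allow" form) and an exact address.
pattern_matches() {
    pat=$1; ip=$2
    case "$pat" in
        ALL) return 0 ;;
        */*) m=$(mask2int "${pat#*/}")
             [ $(( $(ip2int "$ip") & m )) -eq $(( $(ip2int "${pat%/*}") & m )) ] ;;
        *.)  case "$ip" in "$pat"*) return 0 ;; *) return 1 ;; esac ;;
        *)   [ "$pat" = "$ip" ] ;;
    esac
}

# table_matches TABLE DAEMON IP: 0 when a "daemon: pattern ..." line in TABLE matches
table_matches() {
    echo "$1" | while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        d=${line%%:*}
        [ "$d" = "$2" ] || [ "$d" = ALL ] || continue
        for p in ${line#*:}; do
            pattern_matches "$p" "$3" && echo match
        done
    done | grep -q match
}

# wrapper_decision DAEMON IP -> prints allow or deny, in tcp_wrappers order
wrapper_decision() {
    if table_matches "$HOSTS_ALLOW" "$1" "$2"; then echo allow
    elif table_matches "$HOSTS_DENY" "$1" "$2"; then echo deny
    else echo allow
    fi
}

wrapper_decision sshd 172.24.30.7    # allow: inside domain30.example.com
wrapper_decision sshd 172.25.1.9     # deny: t3gg.com falls through to "sshd: ALL"
wrapper_decision vsftpd 127.0.0.1    # allow: local host
```

Because hosts.deny holds "sshd: ALL", a typo in the hosts.allow network silently locks the whole domain out rather than opening anything up; running the decision for one in-domain and one out-of-domain address before leaving the console is a cheap way to catch that, and the same check applies to the vsftpd lines in task 4.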
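Worked example for task 11 (added here; not part of the exam notes): small shell helpers that apply the main.cf changes without leaving a duplicate active assignment behind. cf_set comments out every active line for the key before appending the new value, and cf_get reports the value Postfix would actually use, which is the last uncommented assignment, so the "inet_interfaces = localhost" problem the notes warn about cannot occur. The main.cf fragment inside demo_main_cf is constructed for this example, not copied from a system.

```shell
#!/bin/sh
# Added example (not part of the exam notes): edit Postfix main.cf parameters
# safely. Postfix uses the LAST active assignment when a parameter appears
# more than once, which is why the notes say the old "inet_interfaces = localhost"
# line must be commented out. cf_set comments out every active line for the key
# before appending the new one; cf_get shows the value Postfix would use.

# cf_get FILE KEY -> effective value (the last uncommented "KEY = value" line)
cf_get() {
    grep "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 | sed 's/^[^=]*=[[:space:]]*//'
}

# cf_set FILE KEY VALUE: comment out existing active lines for KEY, then append one
cf_set() {
    sed "s/^[[:space:]]*\($2[[:space:]]*=.*\)\$/#\1/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$2 = $3" >> "$1"
}

# cf_active_count FILE KEY -> number of uncommented assignments (should be 1 after cf_set)
cf_active_count() {
    grep -c "^[[:space:]]*$2[[:space:]]*=" "$1"
}

# Apply the four edits from task 11 to a constructed main.cf fragment and show
# the values Postfix would pick up.
demo_main_cf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed fragment of /etc/postfix/main.cf (not a real system's file)
#myhostname = host.domain.tld
mydestination = $myhostname, localhost.$mydomain, localhost
inet_interfaces = localhost
EOF
    cf_set "$f" myhostname station.domain30.example.com
    cf_set "$f" mydomain domain30.example.com
    cf_set "$f" inet_interfaces all
    cf_set "$f" mydestination '$myhostname, $mydomain, localhost'
    for k in myhostname mydomain inet_interfaces mydestination; do
        echo "$k -> $(cf_get "$f" "$k") (active lines: $(cf_active_count "$f" "$k"))"
    done
    rm -f "$f"
}

demo_main_cf
```

On a real system `postconf -e 'inet_interfaces = all'` performs the same edit and `postconf inet_interfaces` shows the effective value; the helpers above only make the "later assignment wins" rule visible.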