rhcsa


Upload: pollycorp

Post on 14-Oct-2015

Preliminary things to do before taking the Exam.

1. Log in to single user mode, disable SELinux, reset the root password and reboot the machine
2. Check for account expiry information
3. Disable firewall setting
4. Configure IP address and hostname.

Start the Virtual Machine
On boot time, press any key
Press "e" for edit
Go to 2nd line, i.e., select the kernel line <Kernel/Vmlinuz....> and press "e"
At the end of the kernel line press space and 1, then press enter
Press "b" for boot
This will take you to the single user mode

OR

On boot time, press any key
Simply press "a" for Advanced Kernel Arguments
At the end of the kernel line press space and 1, then press enter
This will take you to the single user mode

#getenforce -- To check SELinux Enabled/Disabled
#setenforce 0 -- To disable SELinux enforcement (permissive mode)
#getenforce -- It should show you "Permissive"
#passwd -- Change root password (set the password according to the instructions given)
#chage -l root -- To check the account expiry information
#chage -E never root -- To set the account expiry to never
#reboot -- To boot the system into the graphical mode.

After reboot, open a terminal from Applications --> System Tools --> Terminal (as right click will not work)

#iptables -L -- To check the firewall configuration
#iptables -F -- To flush the firewall settings
#service iptables save
#service iptables restart
#chkconfig iptables on

Now the system is on DHCP networking:
Please run the ifconfig command and check whether eth0 has an IP address or not.
If it is not there, please follow the procedure below to enable DHCP.
#system-config-network
In this wizard, check the DHCP option, save and quit.
#service network restart
#chkconfig network on

OR

Use "setup" command

OR

Graphical Interface: System --> Preference --> Network Connections

Please check these things, no need to modify anything, as system is running on DHCP.

#vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=server1.example.com
:wq!
#service network restart
#chkconfig network on

#vi /etc/resolv.conf
search example.com
nameserver 192.168.0.254 --

To verify these settings

#ifconfig -- check eth0 has an IP address
#ping localhost
#hostname
#dig -x 192.168.0.254 --

1. Enable Selinux

Answer:

#getenforce
Enforcing
#vim /etc/sysconfig/selinux
SELINUX=enforcing
SELINUXTYPE=targeted

2. Enable IP forwarding on your virtual machine.

Answer:
#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
:wq!
To Verify:
#sysctl -p

3. Configure FTP access on your system:
Clients within the domain70.example.com domain should have anonymous FTP access to your machine
Clients outside domain70.example.com should NOT have access to your FTP service

Answer:
#yum install vsftpd* ftp*
#service vsftpd restart
#chkconfig vsftpd on
#ifconfig -- Check your IP address
#ftp 192.168.0.106 -- Check whether ftp is accessible on your IP
Username: anonymous
Password : -null-
ftp > bye -- Up to here everyone can access your machine over ftp.
#vim /etc/hosts.deny -- Using TCP wrappers you are denying all other domains access to ftp.
vsftpd: ALL EXCEPT 192.168.0.0/255.255.255.0 -- domain70.example.com ip
:wq!
#service vsftpd restart

To verify:
#ssh 192.168.1.0 -- log in to a cracker.org machine, because it is outside your domain.
#ftp 192.168.0.106 -- from here you try ftp to your machine.
You do not have a permission to use this program.

4. Set cron job:
Set cron service such that it can't be accessed by mike

Answer:
#vim /etc/cron.deny
mike
:wq!
#service crond restart
#chkconfig crond on

To Verify:
#su mike
$crontab -e
You are not allowed to use this program.

5. Configure SSH access as follows:
natasha has remote SSH access to your machine from within domain70.example.com
clients within cracker.org should NOT have access to ssh on your system

Answer:
#yum install openssh-server
#service sshd restart
#chkconfig sshd on
#vim /etc/hosts.deny -- Using TCP wrappers you are denying the cracker.org domain access to ssh.
sshd: 192.168.1.0/255.255.255.0
:wq!
#service sshd restart
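
The two hosts.deny rules from answers 3 and 5, evaluated against sample clients with the TCP wrappers net/mask and ALL EXCEPT matching rules. This is an added example, not part of the original notes; it assumes /etc/hosts.allow is empty, and the function names and client addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluates hosts.deny-style rules like the two on this page.
# Assumes hosts.allow is empty, so the first matching deny rule decides.

# Constructed copy of the two rules from answers 3 and 5.
HOSTS_DENY='vsftpd: ALL EXCEPT 192.168.0.0/255.255.255.0
sshd: 192.168.1.0/255.255.255.0'

ip_to_int() {   # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_net() {      # in_net CLIENT NET/MASK: true when CLIENT AND MASK equals NET
    net=${2%/*}; mask=${2#*/}
    [ $(( $(ip_to_int "$1") & $(ip_to_int "$mask") )) -eq "$(ip_to_int "$net")" ]
}

client_matches() {  # client_matches CLIENT CLIENT_LIST
    case $2 in
        "ALL EXCEPT "*) ! in_net "$1" "${2#ALL EXCEPT }" ;;
        ALL)            return 0 ;;
        *)              in_net "$1" "$2" ;;
    esac
}

verdict() {     # verdict DAEMON CLIENT: prints "deny" or "allow"
    daemon=$1; client=$2
    while IFS=: read -r d list; do
        list=${list# }
        [ "$d" = "$daemon" ] || continue
        if client_matches "$client" "$list"; then echo deny; return 0; fi
    done <<EOF
$HOSTS_DENY
EOF
    echo allow
}

# Constructed clients: one inside 192.168.0.0/24, one inside 192.168.1.0/24.
for c in 192.168.0.50 192.168.1.20; do
    echo "$c vsftpd=$(verdict vsftpd "$c") sshd=$(verdict sshd "$c")"
done
```

The vsftpd rule denies every client outside 192.168.0.0/24, while the sshd rule denies only 192.168.1.0/24, so any other network still reaches sshd.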

6. Share the /common directory via SMB
Your SMB server must be a member of the STAFF workgroup
The share's name must be common
The common share must be available to domain70.example.com domain clients only
The common share must be browsable
natasha must have read access to the share, authenticating with the password smbposrroll if necessary.

Answer:
#yum install samba
#mkdir /common
#vim /etc/samba/smb.conf
:set nu
Line 74: workgroup = STAFF
come to last line
Copy last 7 lines and paste
[common]
; comment = Common Stuff
path = /common
public = yes
writable = no
browseable = yes
valid users = natasha
hosts allow = 192.168.0.
; printable = no
; write list = +staff
:wq!
#service smb restart
#chkconfig smb on
#testparm
#smbpasswd natasha
Password:
Reenter password:

To Verify:
#ifconfig -- Note down your IP
#smbclient //192.168.0.106/common -U natasha
smbpassword:
Domain=[STAFF] OS=[UNIX] Server=[Samba 3.5.4-68.el6]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME -- You get this error
#ls -ldZ /common
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /common
#chcon -R -t samba_share_t /common
#ls -ldZ /common
drwxr-xr-x. root root unconfined_u:object_r:samba_share_t:s0 /common
#smbclient //192.168.0.106/common -U natasha
smbpassword:
Domain=[STAFF] OS=[UNIX] Server=[Samba 3.5.4-68.el6]
Smb: \>quit

7. Implement a web server for the site http://station.domain70.example.com, then perform the following steps:
Download ftp://server1.domain70.example.com/pub/rhce/station.html
Rename the downloaded file to index.html
Copy this index.html to the Document root of your web server
DO NOT make any modifications to the content of index.html

Answer:
#yum install httpd
#cd /var/www/html
#wget ftp://server1.domain70.example.com/pub/rhce/station.html
#ls
#mv station.html index.html
#vim /etc/httpd/conf/httpd.conf
:set nu
Line 990: NameVirtualHost 192.168.0.1:80 -- Your ip:port number
come to last line
Copy last 7 lines (7yy) and paste (p)
<VirtualHost 192.168.0.1:80>
# ServerAdmin [email protected]
DocumentRoot /var/www/html
ServerName station.domain70.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
:wq!
#httpd -t
#service httpd restart
#chkconfig httpd on
#elinks station.domain70.example.com

8. Extend your web server to include a virtual host for the site http://www.domain70.example.com, then perform the following steps:
Set the DocumentRoot to /var/www/virtual
Download ftp://server1.domain70.example.com/pub/rhce/www.html
Rename the downloaded file to index.html
Place this index.html in the Document Root of the virtual host
DO NOT make any modifications to the content of index.html
Ensure natasha is able to create content in /var/www/html
Note: www.domain70.example.com provided by server1.domain70.example.com

Answer:
#mkdir /var/www/virtual
#cd /var/www/virtual
#wget ftp://server1.domain70.example.com/pub/rhce/www.html
#ls
#mv www.html index.html
#ls
#vim /etc/httpd/conf/httpd.conf
:set nu
Come to last line
Copy last 7 lines (7yy) and paste
<VirtualHost 192.168.0.1:80> -- your ip:portnumber
# ServerAdmin [email protected]
DocumentRoot /var/www/virtual
ServerName www.domain70.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
:wq!
#httpd -t
#service httpd restart
#chkconfig httpd on
#setfacl -m u:natasha:rwx /var/www/virtual

To Verify:
#elinks http://www.domain70.example.com

9. Export your /common directory via NFS to the domain70.example.com domain only

Answer:
#yum install nfs-utils
#vim /etc/exports
/common 192.168.0.0/255.255.255.0(ro,sync)
:wq!
#service nfs restart
#chkconfig nfs on
#exportfs -- Verify

10. Configure SMTP mail service according to the following requirements:
Your mail server should accept mail from remote hosts and localhost
natasha must be able to receive mail from remote hosts
Mail delivered to natasha should spool into the default mail spool for natasha, /var/spool/mail/natasha

Answer:
#yum install postfix
#vim /etc/postfix/main.cf
:set nu
Line 113: inet_interfaces = all -- you need to enable this line by removing #
Line 116: # inet_interfaces = localhost -- you need to disable this line by putting #
:wq!
#service postfix restart
#chkconfig postfix on

To Verify:
#ls -ld /var/spool/mail/natasha

11. Create a directory limited on your DocumentRoot
Download ftp://server1.domain70.example.com/pub/rhce/station.html
Rename the downloaded file to index.html
Copy this index.html file to the limited directory
Make it such that the content of limited is accessible to the local users only

Answer:
#mkdir -p /var/www/html/limited
#cd /var/www/html/limited
#wget ftp://server1.domain70.example.com/pub/rhce/station.html
#ls
#mv station.html index.html
#vim /etc/httpd/conf/httpd.conf
:set nu
come to last line
Copy last 7 lines (7yy) and paste (p)
<VirtualHost 192.168.0.1:80> -- your ip:portnumber
# ServerAdmin [email protected]
DocumentRoot /var/www/virtual
ServerName http://www.domain70.example.com
<Directory /var/www/html/limited>
Order allow,deny
Allow from 192.168.0.1
</Directory>
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
:wq!
#httpd -t
SYNTAX OK
#service httpd restart
#chkconfig httpd on

To Verify:
#elinks http://www.domain70.example.com/limited

12. Configure an email alias for your MTA such that mail sent to admin is received by the local user natasha

Answer:
MTA ---> Mail Transport Agent

#vim /etc/aliases
:set nu
come to last line and add the following line
root: natasha
:wq!
#newaliases

To Verify:
#mail root@localhost
Subject: XYZ
Content: ABCEDEFG
^d

#su natasha
$mail
Yes you have a mail.

13. Using iscsi, discover and mount a device shared by host.domain70.example.com
Create an iscsi storage device of 1100MB size
Download ftp://server1.domain70.example.com/pub/rhce/iscsi.txt and copy it to the iscsi device
Mount the device permanently under /mnt/data as ext4 file system

Answer:
#yum install iscsi*
#iscsiadm -m discovery -t st -p instructor.example.com
Starting iscsi id [OK]
192.168.0 iqn.2012-09.com.example:rdisks server6
#iscsiadm -m node -T iqn.2012-09.com.example:rdisks server6 -p 192.168.0.254 -l
#fdisk -l
#fdisk -cu /dev/sda
:p -- print
:n -- create new partition
:p -- primary partition
:1 -- partition number 1
: -- first cylinder: default, press enter
:+1100M -- last cylinder value
:p -- print
:w -- save

#partprobe
#mkfs.ext4 /dev/sda1
#mkdir /mnt/data
#vim /etc/fstab
/dev/sda1 /mnt/data ext4 defaults 0 0
:wq!
#mount -a
#df -h

14. Configure the kernel such that the kernstack value is 1; the kernel line should display the edited string in /proc/cmdline.

Answer:
#vim /etc/grub.conf
Go to the end of the kernel line and type kernstack=1 at the end of the line as shown below.
kernel /vmlinuz-2.6.32-71.el6.i686 ro root=/dev/mapper/vg_instructor- rhgb quiet kernstack=1
:wq!
#cat /proc/cmdline -- It will not show, a reboot is necessary
#reboot
#cat /proc/cmdline -- It will show now.

15. Mount the image file /root/dvd.iso under /mnt/dvd so that it automatically mounts when the system is rebooting.

Answer:
#cd
#ls
#mkdir /mnt/dvd
#vim /etc/fstab
/root/dvd.iso /mnt/dvd iso9660 ro,loop,auto 0 0
:wq!
#mount -a
#df -h

16. Write a script /root/bar.sh such that when we execute /root/bar.sh Python it displays Perl and when we execute /root/bar.sh Perl it displays Python, and when we type some other character, /root/bar.sh Perl \ Python is directed to stderr.

Answer:
#vim /root/bar.sh
#!/bin/bash
# Takes one argument: "python" prints perl, "perl" prints python,
# anything else prints the usage string to stderr.
if [ "$1" == python ]
then
echo perl
elif [ "$1" == perl ]
then
echo python
else
echo "/root/bar.sh python|perl" >&2
fi
:wq!
#chmod 755 /root/bar.sh
#./bar.sh python -- To Verify
