
RHCE1

1. Configure the NFS service to share the /mnt/storage directory read-only to the example.com domain; a client that accesses the directory as root keeps root access. Also share the directory read-only to the cracker.org domain.

A:
    # vim /etc/exports
    /mnt/storage *.example.com(ro,sync,no_root_squash)
    /mnt/storage *.cracker.org(ro,sync)

2. Allow SSH access to the local machine from example.com only.

A:
    # vim /etc/hosts.allow
    sshd: .example.com
    # vim /etc/hosts.deny
    sshd: ALL
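The /etc/exports entries in question 1 are sensitive to whitespace: per exports(5), a space between the client and its option list gives the client the default options and applies the listed options to every host. The check below is an added example, not part of the original answers; the /mnt/backup line and the function names are constructed for illustration.

```shell
# Constructed sample. Lines 1 and 3 are the entries from question 1; line 2
# (hypothetical /mnt/backup) has a stray space before the option list.
sample_exports() {
    cat <<'EOF'
/mnt/storage *.example.com(ro,sync,no_root_squash)
/mnt/backup  *.example.com (ro,sync,no_root_squash)
/mnt/storage *.cracker.org(ro,sync)
EOF
}

# audit_exports [FILE]: print "TAG path spec" for each risky client spec.
#   DEFAULTS  client listed without options, so default options apply
#   WORLD     option list with no client, so it applies to every host
#   ROOT      no_root_squash: root on the client stays root on the export
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }
    {
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            if (p == 0)      print "DEFAULTS", $1, $i
            else if (p == 1) print "WORLD", $1, $i
            if ($i ~ /no_root_squash/) print "ROOT", $1, $i
        }
    }' "$@"
}

sample_exports | audit_exports
```

Run it as `audit_exports /etc/exports` after editing the file; the ROOT finding for the example.com entry is expected here because question 1 asks for it.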

3. Configure Samba to meet the following requirements:
   1) The workgroup is named RHCE.
   2) The authentication type is user.
   3) Share the /mnt/storage directory under the share name share.
   4) user1 and user2 have write permission on the shared directory; other users are read-only. If a password is needed, it is redhat.
   5) Only users from the example.com domain may access the shared directory.

A:
    # yum install -y samba
    # vim /etc/samba/smb.conf
    [global]
    workgroup = RHCE
    security = user
    [share]
    path = /mnt/storage
    write list = user1 user2
    hosts allow = .example.com
    # (echo redhat; echo redhat) | smbpasswd -s -a user1
    # (echo redhat; echo redhat) | smbpasswd -s -a user2
    # service smb start; chkconfig smb on

4. Download http://192.168.0.254/pub/tools/server.html to the /var/www/virt1 directory. When a user enters http://serverx.example.com, the content of that file is served; only this machine is allowed to access the site. Download http://192.168.0.254/pub/tools/www.html to the default httpd directory; when a user enters http://wwwx.example.com, that file is served. This site requires authentication, so that all users of the machine can access it. Do not change any user's password.

A:
    # mkdir /var/www/virt1/; cd /var/www/virt1/
    # wget http://192.168.0.254/pub/tools/server.html
    # mv server.html index.html
    # cd /var/www/html; wget http://192.168.0.254/pub/tools/www.html
    # mv www.html index.html
    # yum install httpd -y
    # vim /etc/httpd/conf/httpd.conf
    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerName server5.example.com
        DocumentRoot /var/www/virt1
        <Directory "/var/www/virt1">
            order allow,deny
            allow from localhost
            allow from 127.0.0.1
            allow from www5.example.com
            allow from server5.example.com
            allow from station5.example.com
        </Directory>
    </VirtualHost>
    <VirtualHost *:80>
        ServerName www5.example.com
        DocumentRoot /var/www/html
        <Directory "/var/www/html">
            AllowOverride AuthConfig
            AuthType basic
            AuthName "Authentication Required"
            AuthUserFile /var/www/html/.passwd
            Require valid-user
        </Directory>
    </VirtualHost>
    # chcon --reference=/var/www/html /var/www/virt1
    # htpasswd -cm /var/www/html/.passwd user1
    # htpasswd -m /var/www/html/.passwd user2
    # htpasswd -m /var/www/html/.passwd user3
    (validate with elinks)

5. Configure the vsftpd server so that only user1 is allowed to log in and cannot leave its home directory; only example domain users may upload and download, and only the example domain may access the server.

A:
    # yum -y install vsftpd
    # vim /etc/vsftpd/vsftpd.conf
    userlist_deny=NO
    userlist_file=/etc/vsftpd/vsftpd.user_list
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
    anon_upload_enable=YES
    anonymous_enable=YES
    # mkdir -p /var/ftp/incoming; chmod 777 /var/ftp/incoming
    # chcon -t public_content_rw_t /var/ftp/incoming
    # setsebool -P allow_ftpd_anon_write 1
    # setsebool -P ftp_home_dir 1
    # vim /etc/vsftpd/vsftpd.user_list
    user1
    # vim /etc/vsftpd/vsftpd.chroot_list
    user1
    # service vsftpd start; chkconfig vsftpd on
    # vim /etc/hosts.deny
    vsftpd: ALL EXCEPT .example.com

6. Set up a new mail server that meets the following requirements:
   1) Both localhost and remote hosts can access it.
   2) Allow relaying for example.com users; refuse remote.test.
   3) Mail sent to user3 is delivered to user2.
   4) Confirm that /var/spool/mail/user1 exists.
   5) Only users from the example.com domain may receive mail via POP3.

A:
    # yum install postfix -y
    # alternatives --set mta /usr/sbin/sendmail.postfix    (select postfix)
    # service sendmail stop; chkconfig sendmail off
    # cd /etc/postfix
    # vim main.cf
    myhostname = stationX.example.com
    mynetworks_style = subnet
    mydestination = $myhostname
    myorigin = $myhostname
    relay_domains = example.com, $mydestination
    inet_interfaces = all
    smtpd_client_restrictions = check_client_access hash:/etc/postfix/access,
        check_sender_access hash:/etc/postfix/access,
        check_recipient_access hash:/etc/postfix/access,
        permit_auth_destination,
        permit_mynetworks
    # vim /etc/postfix/access
    remote.test REJECT
    # vim /etc/aliases
    user3: user2
    # postalias /etc/aliases
    # postmap hash:/etc/postfix/access
    # touch /var/spool/mail/user1    (generally exists by default)
    # chown user1:mail /var/spool/mail/user1
    # chcon --reference=/var/spool/mail/root /var/spool/mail/user1
    # chmod 660 /var/spool/mail/user1

The remote.test domain can also be refused with iptables:

    # iptables -A INPUT -p tcp --dport 25 -s remote.test -j REJECT    (write remote.test as its IP range)
    # service postfix start; chkconfig postfix on
    # yum install dovecot
    # vim /etc/dovecot.conf
    protocols = pop3
    # service dovecot start; chkconfig dovecot on
    # iptables -A INPUT -p tcp --dport 110 -s 192.168.0.0/24 -j ACCEPT
    # iptables -A INPUT -p tcp --dport 110 -j REJECT
    # service iptables save; chkconfig iptables on
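
Questions 2 and 5 both depend on the order in which TCP wrappers reads /etc/hosts.allow and /etc/hosts.deny. The sketch below is an added example, not part of the original answers: a simplified model of the hosts_access(5) decision that covers only the pattern forms used on this page; host.cracker.org and the daemon name otherd are constructed.

```shell
# match_client HOST PATTERN...: ALL, .domain suffix, exact name, one EXCEPT.
match_client() {
    host=$1; shift; hit=1; negate=0
    for pat in "$@"; do
        if [ "$pat" = EXCEPT ]; then negate=1; continue; fi
        case $pat in
            ALL) ;;
            .*)  case $host in *"$pat") ;; *) continue ;; esac ;;
            *)   [ "$host" = "$pat" ] || continue ;;
        esac
        [ "$negate" -eq 0 ] || return 1   # a match after EXCEPT vetoes the rule
        hit=0
    done
    return "$hit"
}

# rule_matches FILE DAEMON HOST: true if a "daemon: clients" line matches.
rule_matches() {
    while IFS=: read -r daemons clients; do
        case $daemons in '#'*) continue ;; esac
        case " $daemons " in *" $2 "*|*" ALL "*) ;; *) continue ;; esac
        match_client "$3" $clients && return 0   # unquoted: split the list
    done < "$1"
    return 1
}

# tcpd_decision ALLOW DENY DAEMON HOST: hosts_access(5) order. A match in the
# allow file grants, else a match in the deny file denies, else access is granted.
tcpd_decision() {
    if rule_matches "$1" "$3" "$4"; then echo allow
    elif rule_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed copies of the rules written in questions 2 and 5.
write_samples() {
    printf 'sshd: .example.com\n' > "$1/hosts.allow"
    printf 'sshd: ALL\nvsftpd: ALL EXCEPT .example.com\n' > "$1/hosts.deny"
}

d=$(mktemp -d); write_samples "$d"
for pair in "sshd station5.example.com" "sshd host.cracker.org" \
            "vsftpd host.cracker.org" "otherd host.cracker.org"; do
    set -- $pair
    echo "$1 $2 $(tcpd_decision "$d/hosts.allow" "$d/hosts.deny" "$1" "$2")"
done
rm -rf "$d"
```

The last case is allowed: a service with no entry in either file is granted by default, and these files only affect services built with TCP wrappers support.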
