Sie sind auf Seite 1von 6

Qsn 1.

configure nfs on system1 as follows:
export the /public directory with read only access to the domain only
export the /protected directory with read write access to the
access to /protected should be secure by kerbros. you can use keytab at
the /protected directory should contain a sub-directory name project that
is owned by krishna
krishna should have read write access to /protected/project.
ANs:- NFS (On server)smb
#yum -y install nfs*
#mkdir /public
#semanage fcontext -a -t public_content_t '/public(/.*)?'
#restorecon -vFR /public
#ls -ldZ /public
#vim /etc/exports
/public 172.25.X.0/24(ro)
#systemctl restart nfs-server
#systemctl enable nfs-server
#firewall-cmd --permananet --add-service=nfs
#firewall-cmd --complete-reload
#wget -O /etc/krb5.keytab
#mkdir /protected
#cd /protected
#semanage fcontext -a -t public_content_rw_t '/protected(/.*)?'
#restorecon -vFR /protected
#vim /etc/sysconfig/nfs
#vim /etc/exports
/protected 172.25.X.0/24(rw,sync,sec=krb5p)
#mkdir /protected/project
#useradd krishna
#chown krishna /protected/project
#setfacl -m u:krishna:rwx /protected/project
#chown nfsnobody /protected
#systemctl restart nfs-server
#systemctl restart nfs-secure-server
#systemctl enable nfs-secure-server
#firewall-cmd --permanent --add-service=nfs
#firewall-cmd --complete-reload
#firewall-cmd --permanenet --add-service=rpc-bind
#firewall-cmd --permanent --add-service=mountd
Qsn2. Mount an nfs share
configure system2 to mount the following nfs share from
/public should be mounted to /mnt/nfsmount
/protected should be mounted to /mnt/nfssecure using the keytab at
krishna should be able to create file in /mnt/nfssecure/project
the file system should automatically be mounted at boot
Ans:- Mount nfs (
Client side)Untitled Folder 4
#yum -y install nfs-utils
#mkdir /mnt/nfsmount
#mkdir /mnt/nfs
#vim /etc/fstab
serverX:/public mnt/nfsmount nfs defaults 0 0
#mount -a
#df -h
#wget -O /etc/krb5.keytab
#mkdir /mnt/nfssecure
#vim /etc/fstab
system1:/protected /mnt/nfssecure nfs
defaults,v4.2,sec=krb5p 0 0
#systemctl restart nfse-secure

#mount -a
#df -h
configure sm
b service on system1 as follows
your smb server must be a member of the STAFF workgroup
the service must share the /common directory. the share name must be
the common share must be available to domain client
the common must be browseable
the user floyd must have read access the share,authenticating with the
password indionce if necessary.
Ans:- samba (on system1)
#yum -y install samba*
#mkdir /common
#semanage fcontext -a -t samba_share_t '/common(/.*)?'
#restorecon -vFR /common
#ls -ldZ /common
#vim /etc/samba/smb.conf
[common]:-------------------------------------------- sharing name
path=/common :---------------------------------------- directory
valid users = floyd
browseable = yes
writable = yes :------------------------------------- no need in
single user
hosts allow = 172.24.X.0/24
#adduser floyd
#smbpasswd -a floyd
#smppasswd -e floyd
#systemctl restart smb nmb
#systemctl enable smb nmb
#firewall-cmd --permanent -add-service=samba
#firewall-cmd --complete-reload

#smbclient //system1/common -U floyd
on system1 share the /devops directory via SMB as follows:
the share should be named devops
the devops share must only be available to clients in the domain
the devops share must be browseable
kenji must have read access to share,authenticating with password indionce
chihiro must have read and write access to the share, authenticating with
the password indionce
the smb share is permanently mounted on system2 at /mnt/dev using the
credentials of kenji. the share must allow anyone who can
authenticate as chihiro to temprary acquire write permission.
Ans:- (on system1)
mkdir /devops
#semanage fcontext -a -t samba_share_t '/devops(/.*)?'
#restorecon -vFR /devops
#vim /etc/samba/smb.conf
[devops]:---------------------------------------------- sharing name
path = /devops :---------------------------------------
---directory name
valid users = kenji chihiro
write list = chihiro
browseable = yes
hosts allow = 172.24.X.0/24
#useradd kenji
#useradd chihiro
#smbpasswd -a kenji
#smbpasswd -a chihiro
#smbpasswd -e kenji
#smbpasswd -e chihiro
#setfacl -m u:chihiro:rwx /devops
#sestatus -b |grep samba
#setsebool -P samba_enable_export_home_dirs on
#setsebool -P samba_export_all_rw on
#systemctl restart smb nmb
(System2 Side)
yum -y install cifs-utils samba-client
#mkdir /mnt/dev
#vim /root/file.txt
#vim /etc/fstab

//system1/devops /mnt/dev cifs

defaults,multiuser,sec=ntlmssp,username=kenji,password=indionce 0 0
#mount -a
#df -h

configure system1 to provide an iscsi disk device name iqn.2016-
the iscsi service uses port 3260
this target usasge 3G backing logical volume name iscsi_store
the target is only available to only
Ans:- ISCSI Server (On system1)
# yum -y install targetcli*
#systectl restart target
#systemctl enable target
#firewall-cmd --permanent --add-port=3260/tcp
#firewall-cmd -reload
#fdisk /dev/vda
8e-lvm hex code
w-write or save
#partprobe /dev/vda
#pvcreate /dev/vda1
#vgcreate myvol /dev/vda1
#lvcreate -n mylv -L 3G myvol
/>backstore/block create iscsi_store /dev/myvol/mylv
/>/iscsi create
/>/iscsi create create
/>/iscsi create create
/>/iscsi create create
/backstores/block iscsi_store
#systemctl restart target
configure system2 so that it connects to the iqn.2016- as follows
the iscsi device should automaticaly be available on system boot
the iscsi block device contains a 2100MB partition that is formated as
the partition is mounted to /mnt/data and is automatically mounted to this
Ans:- #yum -y install iscsi-initiators-utils
#vim /etc/iscsi/initiator.iscsi
#systemctl restart iscsi
#systemctl enable iscsi
#iscsiadm -m discovery -t st -p 172.24.X.30:3260 -l
#fdsik /dev/sda
#partprobe /dev/sda
#mkfs.ext4 /dev/sda1
#mkdir /mnt/data
#vim /etc/fstab
/dev/sda1 /mnt/data ext4 _netdev 0 0
#mount -a
#df- h
create a mariadb database name contacts on system1 such that following
condtions exist
the database should contain the content of the database dump from
the database should be accessible from localhost only
other than the root user, the database only allow queries from the user
raikon. this user should have the password zaldebro
the root user should have password zaldebro and must not be allowed to log
in without using a password
Ans:- (On system1)
#yum -y groupinstall mariadb*
#systemctl restart mariadb
#systemctl enable mariadb
#firewall-cmd --permanent --add-service=mysql
#firewall-cmd --complete-reload
set password - y
#mysql -u root -p
/> create database contacts ;
/> show databases ;
/> flush privileges ;
/> exit==
#mysql -u root -p contacts <users.mdb
#mysql -u root -p contacts
/>create user raikon@'localhost' identified by 'zaldebro' ;
/>grant update,insert,delete,select on contacts.* to raikon@'localhost' ;
/>flush privileges;
#vim /etc/my.cnf
#systemctl restart mariadb
Qsn8. Query database
use the d atabase contacts on system1 and the appropriate sql queries to
answer the following question
what is the first name of person whose password is solicitous ?
Ans:- (On system1)
#mysql -u root -p contacts
/> show tables;
/> describe tablename ;
/> select * from tablename where field_name='field_value' ;
Qsn9. IMplement dynamic web content
configure your webserver on system1 to provide dynamic web content as
dynamic content is provided by a virtual host named
the virtual host listen on port 8909
download a copy of script at and place it in an
appropriate location for
your virtual host so that it genrate dynamic web content. don not alter or
change the content of the file in any way
clients connecting to should receive a
dynamicaly genrated webpage
the location must be accessble to all
system in the domain
Ans:- (on system1)
#yum -y install httpd*
#yum -y install mod_wsgi
#mv webinfo.wsgi /var/www/html
#restorecon -vvFR /var/www/html/webinfo.wsgi
#ls -ldZ /var/www/html/webinfo.wsgi
#vim /etc/httpd/conf.d/webinfo.conf
listen 8909
<virtualhost 172.24.X.30:8909>
wsgiscriptalias / /var/www/html/webinfo.wsgi
<directory /var/www/html>
oreder allow,deny
allow from 172.24.X.0/24
#semanage port -a -t http_port_t -p tcp 8909
#systemctl restart httpd
#systemctl enable httpd
#firewall-cmd --permanent --add-port=8909/tcp
#firewall-cmd --complete-reload
#firewall-cmd --permanent --add-service=http
#firewall-cmd --complete-reload
Qsn10. IMplement a web server
implement a webserver on system1 for the site and perform the following steps
rename the downloaded file to index.html do not make modification to the
content of this file
copy this index.html to the documentroot of your webserver
clients within should be able to access the webserver
clients with in should not have acces the webserver
Ans:- (on system1)
#mv station.html /var/www/html/index.html
#restorecon -vvFR /var/www/html/index.html
#ls -ldZ /var/www/html/index.html
#vim /etc/httpd/conf.d/abc.confmkdir
<virtualhost 172.24.X.30:80>
documentroot /var/www/html
<directory /var/www/html>
order allow,deny
allow from 172.24.X.0/24
#systemctl restart httpd
Qsn11. configure a virtual host
extend your webserver on system1 to inculde a virtualhost for the site then perform the following step
set the document root for the virtual host to /var/www/virtual
rename the downloaded file index.html do not make any modification to the
content of this file
place this file in the document root of the virtual host
the usr floyd must be able to create content in /var/www/virtual
NOTE- the original webstie must still be
accessible. dns resolution for the host name
is[kiosk@foundation0 Desktop]$ rht-vmctl view all
allready provided by the name server
Ans:- (on system1)
#mkdir /var/www/virtual
#mv www.html /var/www/virtual/index.html
#restorecon -vvFR /var/www/virtual
#restorecon -vvFR /var/www/virtual/index.html
#ls -ldZ /var/www/virtual/index.html
#vim /etc/httpd/conf.d/www.conf
<virtualhost 172.24.X.30:80>
documentroot /var/www/virtual
<directory /var/www/virtual>
require all granted
#setfacl -m u:floyd:rwx /var/www/virtual
#systemctl restart httpd
Qsn12. Configure web content access
on your webserver on system1 create directory name private under the
document root directory and configure as follows:
download a copy of the file into this directory and
rename it index.html do not make
any modification to the content of this file.
the contents of private should be visible to anyone browsing from system1
(including localhost) but should not be accessible from other location
Ans:- on system1
#mkdir /var/www/html/private
#mv private.html /var/www/html/private/index.html
#restorecon -vvFR /var/www/html/private
#restorecon -vvFR /var/www/html/private/index.html
#ls -ldZ /var/www/html/index.html
#vim /etc/httpd/conf.d/abc.conf
<directory /var/www/html/private>
order allow,deny
allow from 172.24.X.30
#systemctl restart httpd
Qsn13. link aggrigation
configure a network name link between and according to the following requirements
the link uses the interfaces eth1 and eth2
the link will continue to functions even if one of the underlying
interfaces or network is down
the link interface on system1has the address 172.16.x.25/24
the link interface on system2 has the address 172.16.x.25/24
the link is active after a system reboot.
Ans:- (Same thing on both systems SYSTEM1 and SYSTEM2)
#nmcli connection add type team con-name team1 ifname team1 config
'{"runner": {"name": "activebackup"}}'
#nmcli connection show
#nmcli connection modify team1 ipv4.addresses
#nmcli connection modify team1 ipv4.method static
#nmcli connection add type team-slave con-name team1_port1 ifname eth1
master team1
#nmcli connection add type team-slave con-name team1_port2 ifname eth2
master team1
#nmcli connection show
#teamdctl team1 stat
#ping -I team1
Qsn14. MAIL service
configure mail on both system1 and system2
the system donot accpet incoming email from external resources
any mail send locally on these system is automatically routed to
mail sent from these systems show up as coming from
you may test your configuration by sending eamil to the localuser arthur
+. the system has been configured drop email for
this user into
Ans:- (Same thing on both systems SYSTEM1 and SYSTEM2)
#yum -y install postfix*
#vim /etc/postfix/
inet_interfaces = localhost
Mydestination =
Relayhost = []
Mynetwork =
Myorigin =
#systemctl restart postfix
#systemctl enable postfix
#firewall-cmd --permanent --add-service=smtp
#firewall-cmd --complete-reload
#mail arthur
(for checking mail click on this link
Qsn15. configure ipv6
configure the eth0 on your exam system with the following ipv6 addresses
system1 should have the address 200a:ac18::a05/64
system2 should have the address 200a:ac18::a0a/64
Ans:- (ON SYSTEM1)
#nmcli connection show
#nmcli connection modify "eth0" ipv6.addresses 200a:ac18::a05/64
#nmcli connection modify "eth0" ipv6.method static
#ping6 200a:ac18::a05
#nmcli connection show
#nmcli connection modify "eth0" ipv6.addresses 200a:ac18::a0a/64
#nmcli connection modify "eth0" ipv6.method static
#ping6 200a:ac18::a0a
Qsn16. Configure your system to use a default repository:-
A yum repository has been provided at
Ans:- #vim /etc/yum.repos.d/server.repo
Qsn17. Script
create a script on system1 named /root/ that does the following
when run as /root/ redhat it produces the output fedora on stdout
when run as /root/ fedora it produces the output redhat on stdout
when run without arguments or any other arguments other than redhat or
fedora, it sends the following output to stderr:
/root/ redhat|fedora
Ans:- #vim /root/
if [ "$1" == "redhat" ]
echo "fedora"
elif [ "$1" == "fedora" ]
echo "redhat"
echo "/root/ redhat|fedora"
Qsn.18 user environment 17
create a custom command called qstat on both system1 and system2 that
runs the command: /bin/ps -Ao pid,tt,user,fname,rsz
this command should be available to all usres on the system.
Ans:- #vim /etc/bashrc
alias qstat="/bin/ps -Ao pid,tt,user,fname,rsz"
Qsn.19 SSH Configure 17
configure SSH access as follows:
users have remote SSH access to your virtual systems from within
client within should not have access to ssh on your systems.
Ans:- #yum -y install openssh*
#vim /etc/hosts.deny
sshd :
#systemctl restart sshd
#systemctl enable sshd
#firewall-cmd --permanent --add-service=ssh
#firewall-cmd --complete-reload
Qsn20. Port forwarding
configure port forwarding in your machine system1 such that forward all
incoming connection on port 5909/tcp
on the firewall to port 80/tcp of the machine with the
Ans:- #firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source
address= forward-port port=5909 protocol=tcp to-port=80'
#firewall-cmd --permanent --complete-reload
Qsn21. Create a script name makeusers in /root directory when an argument
file.txt pass in front of this script then users listed in this file
created with /bin/false sheel. When file name is different then error shows file
not found if file is not pass an argument then error shows please write
command again. Download this file from
Ans:- #vim /root/makeusers
if [ "$#" -lt 1 ]
echo "please write command again"
exit 0
if [ -f $1 ]
for users in `cat $1`
adduser -s /bin/false $users
echo "file not found"