RHCE

Question 1

Check current rutes

Answer 1

route

Question 2

create a permanent rule to 172.168.1.0 using eth0

Answer 2

/etc/sysconfig/networ-scripts/route-eth0
172.168.1.0 via 192.168.1.100 dev eth0
restart interface

Question 3

Configure server as NAT

Answer 3

/etc/sysctl.conf --> net.ipv4_forward =1
sysctl -p --> to read changes
iptables:
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-t nat -I POSTROUTING -o eth0 -j MASQUERADE

Question 4

test NAT working from other server

Answer 4

make sure testing server uses the other as GW

Question 5

get list of wrappers

Answer 5

strings -f /usr/sbin/* | grep hosts_access

Question 6

allow all traffic from example.net, deny rest

Answer 6

host.allow:
ALL : .example.net (dont forget initial .)
host.deny:
ALL : ALL

Question 7

allow ssh from subnet 192.168.1.0 except 192.168.1.101

Answer 7

sshd : 192.168.1.0/255.255.255.0 EXCEPT 192.168.1.101 [or]

sshd : 192.168.1. EXCEPT 192.168.1.101

Question 8

make an RPM that packages iptables.sh

Answer 8

install rpmdevtools
create folder package-1.0
compress folder
rpmdev-setuptree
rpmdev-newspec
rpmbuild --b -v SPECS/mytest.spec

Question 9

test RPM package

Answer 9

rpm -ivh package

Question 10

configure ISCSI init to 192.168.1.200

Answer 10

install iscsi-initiator-utils
iscsiadm -m discoverydb -t st -p host -D
make sure “iscsi”service is on
partition and mount as usual (fstab options = _netdev 0 0)

Question 11

make iscsi permanent and test after reboot

Answer 11

as any other ext4 drive

Question 12

create a report that shows CPU, blah blah usage for the last 5 mins in intervals of 1m

Answer 12

sar -u 1 5

Question 13

generate report from a sar log

Answer 13

sadf -d /var/log/sa/sa32

Question 14

change sas data capture for 11pm

Answer 14

/etc/cron.d/sysstat and restart service and on

Question 15

configure 101 to send logs to 100

Answer 15

100: open ports tcp/udp 514
/etc/rsyslog.conf uncommend 4 ports entries
101:
/etc/rsyslog.conf: . @@blah.100

Question 16

test logger at 101

Answer 16

logger -p warn “textto”

Question 17

configure a Vhost www.mysite.com with root folder at /www/mysite/html

Answer 17

create folder and setup selinux permissions

create Vhost at httpd.conf

Question 18

test Vhost

Answer 18

make sure hosts entry is in

Question 19

create Vhost www.mysite2.com

Answer 19

nada

Question 20

create a private directory denied to 101

Answer 20

order allow,deny
Allow ALL
Deny from 101

Question 21

make dir to prompt for password for user test2

Answer 21

add to Directory directive:
AuthType basic
AuthName "provate access"
AuthUserfile "whatever/.htpasswd"
Require valid-user
Create passw file:
htpasswd -c .htpaswd test2

Question 22

make mysite group folder for webdevs (add test2 to group)

Answer 22

chown and then chmod

Question 23

Deploy CGI app at mysite

Answer 23

create cgi-bin folder
create pl script:
print "Content-type: text/html\n\n";
print "Hello";
configure permissions for folder and file and selinux
add to Vhost directive:
ScriptAlias /cgi-bin/ /www/mysite/html/cgi-bin/
Options +ExecCGI
AddHandler cgi-script .pl .cgi

Question 24

configure a caching-only name server, allow only 101 to query

Answer 24

open tcp/udp 53
/etc/named.conf:
listen-on port localipaddress
allow-query { localshot; ..101; };

Question 25

configure it to forward DNS to 200

Answer 25

/named.conf :
forward only;
forwarders { 192.168.1.200; };

Question 26

configure an anonymous-only download ftp

Answer 26

/etc/vsftpd/vsftpd.conf:
anonyous_enable = yes
local_enable=no
anon_upload_enable=no

Question 27

create a file in pub and test from 101

Answer 27

lftp: wget bye

Question 28

deny ftp access to 101

Answer 28

host.allow ALL except 101, deny all

Question 29

test ftp from 101 and remove restriction

Answer 29

nada

Question 30

create and NFS share /shared belonguing to webdevs group

Answer 30

nfs-utils should be installed
/etc/sysconfig/nfs:
ucomment 4 port directives and take note
open ports:udp +111  tcp+2049,111
make sure setype= public_content_t
/etc/exports:
/shared ...101(rw) or *(rw)

Question 31

testit and make perm

Answer 31

exportfs -ra
showmount -e
mount.nfs4 -o rw 101:/shared /mnt
add to fstabb

Question 32

remove from fstabb and use automount for shared

Answer 32

/etc/auto.master:
/mnt /etc/auto.misc
/etc/auto.misc:
test2 -rw.soft,initr 101:/shared
restart autofs

Question 33

share home-dir in Samba

Answer 33

install samba
open ports udp:137,138 tcp:139,445
enable sebool
create samba user: smbpasswd -a user

Question 34

create /share2 for test2 and test it. prevent access from putonazo.
(user testparm to check sintax)

Answer 34

/etc/samba.smb.conf:
[share2]
valid users = test2
invalid users = putonazo
write list = test2
path = /share2
writeable = yes
create mask = 0775

Question 35

create webshare for webdevs

Answer 35

[webshare]
browseable = yes
path = /webshare
force group = +webdevs
valid users = @webdevs
write list = @webdevs
create mask = 0770
directory mask = 2770

Question 36

test access from 101 and test2, make permanent

Answer 36

smbclient -L ….100 -U test2
mkdir -p /webshare
mount.cifs -o rw,username=blah,password=blah //…100/webshare

Question 37

prevent access to share2 from 200 and user test2 read only

Answer 37

[webshare]
hosts deny = …200
read list = test2

Question 38

test and change to allow only 192.168.1.0 network

Answer 38

hosts allow = 192.168.1.

Question 39

configure postfix and deny user user@gmail.com and reject network 172.168.1.0 and accept from …101

Answer 39

open port 25
/etc/postfix/access:
user@gmail.com REJECT
172.168.1 REJECT
192.168.1.101 OK
postmap access

Question 40

redirect root emails to test2

Answer 40

/etc/aliases: root test2

newalisases

Question 41

configure to accept email from …101

Answer 41

/etc/postfix/main.cfg:
inte_interfaces = all
$myhostname,$mudomain, $myorigin

Question 42

test it from 101

Answer 42

telnet …100 25

Question 43

configure it to relay trought 200

Answer 43

main.cfg:

relayhost = …200

Question 44

Allow user hades sshd acess from 101 but not from 200 and deny devgroup

Answer 44

sshd_config:
AllowUsers hades @…101
DenyUsers @…200
DenyGroups devgroup

Question 45

alow ssh connection of user hades between 100 and 101 wich key

Answer 45

su - hades on both
ss-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub otherip

Question 46

test it

Answer 46

nada

Question 47

configure as NTP server

Answer 47

open port udp 123
remove from config:
nopeer noquery

Question 48

confgirue 101 to use 100 as ntp server

Answer 48

/etc/ntp.conf:

server my-ntp-server iburst