RHCSA7 LAB134. Solution

-
Sol ution
-
Solution
-
I n t h i s l a b, you wi l l confi g u re a system u s i n g t h e s k i l l s ta u g h t i n t h i s co u rse.
-
Resou rces:
Files: h t t p : / / s e rve rX . example . com/logfile
-
Machines: serverx a n d d e s k t opX
Outcomes:
Two syst e m s confi g u red accord i n g to t h e specified req u i re m e nts t h a t fo l l ow.
-
Before you begin . . .

Reset yo u r se rverX syste m .
-
•
• Log i nto a n d set u p yo u r se rve rX syst e m .
-
[ s t u d e n t@s e r v er x - ] $ lab sa2 - r eview s e t u p
-
• Reset your deskt opX syste m .
Yo u have b e e n taske d w i t h confi g u ri n g a n e w system f o r yo u r c o m p a ny: desktopX. T h e syst e m

-
s h o u l d be config u red accord i n g to t h e fo l l ow i n g req u i re m ents.
• The system should a ut h e n t icate u s e rs using LDAP and Ke r b e r o s using t h e fo l l owi n g sett i n g s:
-
Name Va l u e
L D A P s e rver class room . example . com
- S e a rc h Base dc=example , dc=com
Use TLS Yes
- T L S CA Cert h t t p : / / c lass room . example . com/ pub/example - ca . c r t

Ke r b e ros Rea l m EXAM P L E . COM
-
Ke r b e ros K D C class room . example . com
Ke r b e ros Ad m i n class room . example . com
S e rver
-
Fo r test i n g p u rposes, you ca n u s e t h e u s e r ldapuse rx, w i t h t h e pa ssword kerberos.
-
• Home d i recto ries for yo u r LDAP u s e rs s h o u l d be a u to m a t i ca l ly m o u nted on access. These
home d i rectories a re s e rved from t h e N FS s h a re class room . example . com : /home/g u e s t s .
s e rverX expo rts a C I FS s h a re ca l l ed wes t e ros. T h i s s h a re s h o u l d b e mou nted automatica l l y

-
•
a t boot o n t h e m o u nt point /mn t /we s t e ros. To m o u nt t h i s s h a re, you w i l l n eed t o u s e t h e

u s e r n a m e t y r ion w i t h t h e password slapj off r eyslap. T h i s pa ssword s h o u l d n ot b e stored
-
a n y w h e re a n u n privi l eg e d user ca n read it.
• s e rverX exports an N FSv4 s h a re ca l l e d /es sos. This s h a re needs to be m o u nted read-w rite
at boot o n /mn t /essos u s i n g Ker beros a u t h e nticat i o n , e n crypt i o n , and i nteg rity c h ec k i n g .
-
A keyt a b f o r yo u r system ca n b e d ow n l oa d e d from

h t t p : / / c l a s s r o o m . e x a m p l e . c o m / p u b / k e y t a b s / d e s k t o pX . k e y t a b .
-
-
R H1 3 4- R H E L 7-en-1-2014061 0 307
-
C h a p t e r 1 5 . C o m p re h e n s i ve Review of System A d m i n i s t ra t i o n I I
C o nfi g u re a new 512 M i B l o g i c a l v o l u m e c a l l e d arya i n a n e w 2 G i B v o l u m e g ro u p c a l l e d s t a r k.
T h i s n e w l o g i c a l v o l u m e s h o u l d be f o r m atted w i t h a n X F S f i l e syst e m , a n d m o u nted p e r s i s te n t l y

o n /mn t / unde rfoot.
Yo u r s y s t e m s h o u l d be o u tfitted w i t h a n ew 512 M i B swa p p a r t i t i o n , a ut o m a t i ca l l y a c t i vated a t

b o ot.
C reate a n e w g ro u p c a l l e d kings, and f o u r n e w u s e rs b e l o n g i n g to that g r o u p: s t an n i s ,

j of f r ey, r e n ly, a n d r o b b .
C reate a n ew d i rectory / i r on t h r on e , o w n e d by r oot : root w i t h p e r m i s s i o n s 700.
C o nfig u re t h i s d i rectory s o t h a t users i n t h e kings g r o u p h a ve b o t h r e a d a n d w r i t e p r i v i l e g e s

o n i t , w i t h t h e exce p t i o n of t h e u s e r j o f f rey, w h o s h o u l d o n l y b e g ra n ted re ad p r i v i l eg e s .
T h e s e rest r i c t i o n s s h o u l d a l so a p p l y t o a l l new f i l es a n d d i re c t o r i e s c reated u n d e r t h e

/ i r o n t h rone d i re cto ry.
I n sta l l t h e httpd a n d mod_ssl p a c k a g e s , t h e n e n a b l e a n d start t h e h t t pd . se rvice s e rv i ce.
Open up port 12345 / t c p in t h e d e fa u l t z o n e for t h e fi rewa l l r u n n i n g o n your syst e m .
C reate a n e w d i rectory c a l l e d /doc r o o t . M a ke s u re t h a t t h e S E L i n u x c o n text f o r t h i s d i rectory

i s set to pu blic_con t e n t_t , and t h a t t h i s context wi l l s u rvive a re l a b e l o p e ra t i o n .
h t t p : I I s e r v e rx . e x a m p l e . c o m / l o g f il e conta i n s t h e l o g s for a recent

p roject. D ow n l oad this f i l e, then extract a l l l i n es e n d i n g i n ERROR o r FAI L to t h e f i l e
/home / s t u d e n t /e r ro r s . t x t . A l l l i n e s s h o u l d b e kept i n t h e o r d e r i n w h i c h t h e y a p p e a r i n
t h e l o g f i l e.
Yo u r system s h o u l d have a n ew d i rectory used to store t e m p o ra ry f i l e s n a m e d

/ r u n/ve r yve ryvolatile. W h e n ev e r syst emd - tmpfiles - - clean i s r u n , a n y f i l e o l d e r
t h a n 5 s e c o n d s s h o u l d be d e l eted f r o m t h a t d i recto ry.
T h i s d i re ctory s h o u l d h ave p e r m i s s i o n s 1777, a n d be ow ned by root : r o o t .
A l l c h a n g e s m u st s u rv i ve a reboot. W h e n you a re d o n e conf i g u r i n g y o u r syste m , y o u c a n test

your work b y reboot i n g y o u r d e s k t o pX m a c h i n e and r u n n i n g t h e f o l l o w i n g c o m m a n d :
[ s t u de n t@des k t o pX - ] $ lab sa2 - review grade
1. T h e system s h o u l d a u t h e n t icate u s e rs u s i n g LDAP a n d Ke r be ro s u s i n g t h e fo l l o w i n g

sett i n g s :
Name Va l u e
L D A P server clas s room . example . com
S e a r c h Base d c=example , dc=com
Use T L S Yes
T L S CA Cert h t t p : //class room . example . com/pub/example - ca . c r t
Ke r b e ros Rea l m EXAMP L E . COM
Ke r b e ros K D C c lass room . example . com
308 R H 1 3 4- R H E L7 - e n - 1 -20140610
-
Sol ution
-
Fo r test i n g p u rposes, y o u can u s e t h e u s e r ldap u s e rx, with t h e password k e r b e ros.
- 1. I n sta l l the authconfig-gtk and sssd p a c ka g es.
I [ s t u d e n t @d e s k t opX - ] $ sudo yum i n s t all aut hconfig - g t k sssd

-
2. Run aut hconfig - g t k, and enter the i nformation p rovid e d . Do not forget to u nc h e c k
-
t h e Use DNS to locate K D Cs for rea l m s o p t i o n .
I [ s t ud e n t@d e s k t opX - ] $ s u d o aut hconfig - gt k
2. H o m e d i recto ries for your L D A P users s h o u l d be a utomatica l l y m o u nted o n access. These

home d i rectories a re served from t h e N FS s h a re class room . example . com : /home/
-
guests.
1. I n sta l l t h e autofs package.

-
i [ s t ud e n t @d e s k t opX - ] $ sudo yum i n s t all au t ofs

i
-
2. C reate a new file ca l l e d /etc/au t o . mas t e r . d/gues t s . autofs with the fo l l ow i n g
contents:
-
I / h ome/g u e s t s /etc/au t o . g u e s t s
-
3. C reate a new file ca l l e d /etc/au t o . g u e s t s with t h e fo l l ow i n g contents:
* - rw , s y n c clas s r oom . example . co m : / h ome/ g u e s t s /&

-
4. Sta rt a n d e n a b l e t h e autofs . s e rvice service.

-
I . [ s t u d e n t@d e s k t opX - ] $ sudo systemct l enable autofs . s e rvice

[ s t u d e n t@d e s k t opX - ] $ sudo systemct l s t a r t autofs . se rvice
-
3. serverX exports a C I FS s h a re ca l l e d we s t e ros. This s h a re s h o u l d b e m o u nted

a u t o m atica l l y at boot on t h e m o u nt point /mnt/wes t e ros. To m o u nt this s h a re, you wi l l
-
ne ed t o use t h e u s e r n a m e t y r io n w i t h t h e pa ssword slapj off r eyslap. T h i s pa ssword
s ho u l d not b e stored a nywhere an u n p ri v i l e g e d user can read it.
-
1. I nsta l l the cifs-utils packa g e.
[ s t u d e n t@d e s k t opX - ] $ sudo yum i n s t all cifs - u t ils

-
2. C reate t h e m o u nt point.
-
- R H134- R H E L 7-en-1 -2014061 0 309
-
-
C h a pter 1 5. C o m p r e h e n s ive Review of Syste m A d m i n i st ra t i o n I I
[ s t u d e n t@d e s k t opX - ] $ sudo mkdir - p /mnt/we s t e r o s
3. C reate a cred e n t i a l s f i l e n a m e d / roo t / t y r ion . c reds with t h e fo l l ow i n g content. t h e n

s e t t h e p e r m i s s i o n s o n t h a t f i l e to 0600:
u s e r n ame= t y r i o n
p a s swo r d = s lapj o f f r eyslap
-
[ s t u de n t@d e s k t o pX - ] $ sudo c hmod 0600 / root/tyrion . c reds

-
4. A d d t h e fo l l o w i n g l i n e to / e t c /fst ab:
/ / s e rve rX . example . com/wes t e r o s / m n t /we s t e r o s c i f s c r e d s = / r o o t / t y rion . c r e d s 0 0
-
5. M o u n t a l l fi l e syste ms, and i n s pect the m o u nted fi l e syste m .
[ s t u d e n t@d e s k t o pX - ] $ sudo mount - a

-
[ s t u d e n t @d e s k t opX - ] $ cat /mnt/we s t e ros/README . txt
4. se rve rX exports an N FSv4 s h a re ca l l ed /essos. Th is s h a re needs to b e m o u nted rea d -
w r i t e at b o o t on /mnt /essos u s i n g Kerbe ros a u t h e n ti c a t i on , e n c r y pt i o n , a n d i nteg rity

chec k i n g .
-
A keyt a b for you r system can be d o w n l o a d e d from
h t t p : / / c l a s s r o o m . e x a m p l e . c o m / p u b / k e y t a b s / d e s k t o pX . k e y t a b .
-
1. C reate t h e m o u nt poi nt.
[ s t u d e n t@d e s k t o pX - ] $ sudo mkdir -p /mnt/essos -
2. Dow n l oa d t h e keyt a b for you r syste m .

-
[ s t u d en t@de s k t o pX - ] $ sudo wget - o /etc/krb5 . keytab h t t p : //
-
clas s r oom . example . com/ pub/keyt abs/de s k t o pX . keytab
3. Add the fo l l o w i n g l i n e to / e t c / f s t ab:
s e rve rX . example . com : / e s s o s /mn t / e s s o s n f s sec= k r b 5 p , rw 0 0
-
4. Start a n d e n a b l e t h e nfs - secu r e . se rvice service.
[ s t u d e n t@de s k t o pX - ] $ sudo systemc t l enable nfs - secure . s e rvice

-
[ s t u d e n t @d e s k t o pX - ] $ sudo systemct l start nfs - secure . se rvice
5. M o u nt a l l fi l e syste ms. -
31 0 R H134- R H E L 7 - e n -1 -2014061 0
-
-
Solution
-
[ s t u d e n t @d e s k t o pX - ] $ sudo mount - a
-
5. Config u re a n e w 5 1 2 M i B l o g i c a l vo l u m e ca l l ed arya i n a n e w 2 G i B vo l u m e g ro u p ca l l e d
s t a r k.
-
T h i s new l o g i ca l vo l u m e s h o u l d be formatted with a n X FS f i l e syste m , a n d m o u nted

persiste n t l y o n /mn t / u n d e rfoot.
-
1. C reate a 2 G i B p a r t i t i o n o n y o u r seco n d a ry d i s k.
[ s t u d e n t @d e s k t o p X - ] $ s u do fdisk /dev/vdb
Welcome to f d i s k ( u t il - li n u x 2 . 23 . 2 ) .
- Changes will remain i n memo ry o n l y , u n t il y o u decide t o w r i t e t hem .

Be c a r e f u l b e f o r e u s i n g t h e w r i t e c omman d .
Device d o e s n o t c o n t ai n a r e c o g nized p a r t i t i o n t able

- B u ilding a n ew DOS d i s klabel wit h d i s k i d e n t ifie r 0xcade6cae .
Command ( m f o r help ) : n
Partition type :
-
p p r imary ( 0 p r ima r y , 0 e x t e n d e d , 4 f r e e )
e e x t e n ded
Select ( d efault p ) : p
- P a r t i t i o n n u m b e r ( 1 - 4 , default 1 ) : E nt e r
Fi rst s e c t o r ( 2048 - 2 0 9 7 1519 , default 2048 ) : E nt e r
U s i n g default val u e 2048
Last s ec t o r , + s ec t o r s o r + s i z e { K , M , G } ( 2048 - 2 0 9 71 5 1 9 , default 20971519 ) : +2G
-
Partition 1 of t y p e Linux and of size 2 G i B i s s e t
Command ( m f o r h e lp ) : t
-
Selec t e d p a r t i t i o n 1
Hex c o d e ( t y p e L t o l i s t all c o d e s ) : Se
Changed t y p e of p a r t i t i o n ' Li n u x ' t o ' Li n u x LVM '
- Command ( m f o r h e l p ) : w
The p a r t i t io n table h a s been alt e r e d !
Callin g ioc t l ( ) t o r e - read p a r t i t io n table .

-
Syncing d i s k s .
-
2. Tu r n t h e n e w partit i o n i nto a phys i c a l vo l u m e.
I [ s t u d e n t @d e s k t o p X - ] $ sudo pvc reate /dev/vdbl

-
3. B u i l d a new vo l u me g ro u p u s i n g t h e new phys ica l vo l u m e.
- i
I [ s t u d e n t@de s k t opX - ] $ sudo vgcreate s t a r k /dev/vdbl
- 4. C reate a new 512 M i B l o g i c a l vo l u m e ( LV ) in t h e n e w vol u m e g ro u p.
!
•
[ s t u d e n t @d e s k t opX - ] $ sudo lvc reate - n arya - L 512M s t a r k
-
5. Fo rmat t h e new LV with an X FS f i l e system .

-
- R H1 3 4- R H E L 7-en-1-2014061 0 311
-
-
C h a pter 1 5. C o m p re h e n s i ve Review of System Ad m i n i st rat i o n I I
[ s t u d e n t@d e s k t o pX -
] $ sudo mkfs - t xfs /dev/ s t a r k/arya
6. C reate the m o u nt poi nt.
[ s t u d e n t@d e s k t opX -
$ sudo mkdir -p /mnt/unde rfoot
)
7. A d d t h e fo l l o w i n g l i n e to / e t c /f s t ab: -
/dev/ s t a r k/arya / m n t / u n d e r f o o t xfs defaul t s 1 2
8. M o u nt a l l fi l e systems.
-
- ] $ sudo mount - a
6. Yo u r system s ho u l d be o u tfitted with a new 512 M i B swa p p a r t i t i o n , automat ica l l y act ivated -
at boot.
1. C reate a new 512 M i B pa r t i t i o n o n yo u r seco n d a ry d i s k a n d set t h e partition type t o 82. -
[ s t u d e n t@de s k t opX - ] $ sudo f d i s k /dev/vdb

Welcome t o fdi s k ( u t il - l i n u x 2 . 2 3 . 2 ) .
C h a n g e s will remain in m e m o r y only , u n t il yo u d e c i d e to w r i t e t h em .

Be c a r e f u l b e f o r e u s i n g t h e w r i t e comman d .
-
Command ( m fo r help ) : n
P a r t i t ion t y p e :
p p r im a r y ( 1 p r imary , 0 e x t e n d e d , 3 f r e e ) -
e extended
S e l e c t ( d efault p ) : p
P a r t i t ion n u m b e r ( 2 - 4 , default 2 ) : E n t e r
F i r s t sec t o r ( 4196352 - 20971519 , d e f a u l t 4196352 ) : E n t e r -
U s i n g default value 4196352

L a s t sect o r , + s e c t o r s or + s i z e { K , M , G} ( 4196352 - 2 0 9 7 1519 , default
2097 1519 ) : +512M
-
P a r t i t ion 2 o f type L i n u x and of size 512 MiB i s s e t
Command ( m f o r help ) : t
P a r t i t ion n u m b e r ( 1 , 2 , default 2 ) : E n t e r -
Hex code ( type L t o l i s t a l l codes ) : 82

C h a n g e d type o f p a r t i t io n ' Li n u x ' t o ' Li n u x swap I Sola r i s '
-
Command ( m f o r h e lp ) : w
T h e p a r t i t i o n t ab l e has been al t e red !
Call i n g i o c t l ( ) t o r e - read p a r t i t i o n table .
I
WARN I N G : Re - r ea d i n g t h e p a r t i t io n table failed wit h e r r o r 16 : Device o r r e s o u r c e
busy .
The k e r nel s t ill u ses t h e old table . The new t a b l e will be u sed at
the next r e b o o t or af t e r you r u n par t p r o be ( B ) or k p a r t x ( B )
Syn c i n g d i s k s .
[ s t u d e n t@d e s k t o pX - ] $ sudo partprobe
-
-
312 R H134- R H E L 7 - e n -1 -2014061 0
-
-
Solution
-
2. Fo r m a t t h e new partition a s swa p.
-
[ s t u d e n t@des k t opX - ] $ sudo mkswap /dev/vdb2
- 3. Retrieve t h e U U I D for yo u r new swap partition.
[ s t u d e n t @d e s k t opX - ] $ s u d o blkid /dev/vdb2

-
4. Add t h e fo l l o w i n g l i n e to / e t c / f s t ab; m a ke s u re to use the U U I D you fo u n d i n the

-
prev i o u s step.
U U I D= " xxxxxxxx - x xxx - x xxx - xxxxxxxxxxxx " swap swap defau l t s 0 0

-
5. Activate a l l swa ps.
-
-
[ s t ud e n t@de s k t opX - ] $ sudo swapon - a
- 7. C reate a new g r o u p ca l l e d kings, a n d fo u r n ew u s e rs b e l o ng i n g to t h a t g ro u p : st annis,

j of f r ey, renly, and robb.
- 1. C reate the kings g ro u p .
[ s t ud e n t@d e s k t opX - ] $ s u d o g roupadd kings

-
2. C reate t h e fou r users, a n d a d d t h e m t o t h e kings g ro u p .
-
[ s t ud e n t@de s k t o pX - ] $ for NEWUSER in stannis j offrey r enly robb ; d o
> s u d o u s e r add - G kings S { N EWUSER}
> done
-
8. C reate a new d i rectory / i r on t h rone, owned by root : root with p e r m i s s i o n s 0700.

-
Confi g u re t h i s d i rectory so that u s e rs i n the kings g ro u p have both read and write
privi l e g e s o n it, w i t h t h e exce ption of the user j off rey, who s h o u l d only b e g ra nted read
-
privi l eges.
These rest r i c t i o n s should a l so apply to a l l n e w fi l es a n d d i rectories c reated under t h e

-
/ i r o n t h rone d i rectory.
1. C reate t h e d i rectory w i t h t h e correct p e r m i s s i o n s .

-
[ s t ud e n t@d e s k t opX - ] $ s u d o m k d i r - m 0 7 0 0 /ironth rone
-
2. Add an ACL o n /iron t h rone g ra n t i n g u s e rs in the kings g ro u p read a n d w rite
p r i v i l eges. D o not forget to add execute p e r m i s s i o n s as we l l , s i n ce t h i s is a d i recto ry.
-
[ s t u d e n t@de s k t o pX - ] $ sudo s e t facl - m g : kings : rwX / i r o n t h rone
-
RH134- R H E L 7-en-1-201 4061 0 313
-
-
C h a pte r 1 5. C o m p re h e ns i ve Review of System Ad m i n istra t i o n I I
3. Add an ACL for the user j of f r ey, w i t h o n l y rea d and execute p e r m issions.
l [ s t ud e n t@d e s k t o pX - ] $ sudo setfacl - m u : j offrey : r - x /iron t h rone
4. Add the two p rev i o u s ACLs a s d e fa u l t A C L s as we l l .
[ s t u de n t @d e s k t o pX - ] $ sudo set facl - m d : g : kings : rwx /iront h rone

[ s t u d e n t@de s k t o p X - ] $ sudo setfacl - m d : u : j offrey : r - x / i r o n t h rone
9. I n sta l l the httpd a n d mod_ss/ packages, t h e n e n a b l e and start the h t t pd . se rvice se rvice.
1. I n sta l l the httpd and mod_ssl packages.
I [ s t u d en t@d e s k t o pX - ] $ sudo yum i n s t all h t t pd mod_ssl
2. Start and e n a b l e t h e h t t pd . se rvice se rvice.
[ s t u d en t@d e s k t o pX -]$ sudo syst emc t l s t a r t h t t pd . se rvice

[ s t u d e n t@de s k t o pX - ] $ sudo systemc t l enable h t t pd . se rvice
1 0. O p e n up port 12345 / t c p in t h e d e fa u l t z o n e for the fi rewa l l r u n n i n g on your syste m .
1. O p e n port 12345 / t c p i n t h e p e r m a n e n t confi g u ra t i o n o f t h e d e fa u l t z o n e f o r yo u r

fi rewa l l .
[ s t ud e n t@de s k t opX - ] $ sudo firewall - cmd - - pe rmanen t - - add - po r t =12345/tcp
2. R e l o a d yo u r f i rewa l l to activate your c h a nges.
-
[ s t u d e n t@de s k t opX - ] $ s u d o fi rewall - cmd - - reload
11. C reate a new d i rectory ca l l ed /doc root. M a ke s u re that t h e S E L i n u x context for t h i s

d i rectory is s e t to p u blic_co n t e n t_t , a n d t h a t t h i s context w i l l s u rvive a re l a b e l
operat i o n .
1. C reate the /doc root d i rectory.
I [ s t u d e n t@de s k t opX - ] $ sudo mkdir /docroot -
2. Add a new defa u lt f i l e context for the /doc root d i rectory and a l l its d esce n d a nts.
-
[ s t u d e n t@de s k t o pX - ] $ sudo semanage fcontext - a - t pu blic_content_t ' /

doc root ( / . * ) ? '
3. Re l a b e l the /doc root d i recto ry.

-
[ s t u d e n t@d e s k t o pX - ] $ sudo restorecon - RvF /doc root
314 R H1 3 4- R H E L 7-en-1 -2014061 0
-
-
S o l ution
-
12. h t t p : / / s e r v e rX . e x am p l e . c o m / l o g f i l e conta i n s t h e logs fo r a rece nt
p roject. Dow n l oa d t h i s f i l e , t h e n extract all l i nes e n d i n g i n ERROR o r FAI L to t h e f i l e
-
/ home/ s t u de n t / e r r o r s . t x t . A l l l i nes s h o u l d b e kept i n the o rd e r i n w h i c h t h ey a p pe a r i n
t h e l o g f i l e.
-
1. Dow n l oa d t h e l o g f i l e.
I
i
[ s t ud e n t@de s k t o pX - ] $ wget h t t p : //serverX . example . com/logfile
2. Extract every line t h a t ends i n e i t h e r ERROR o r FAI L i nto t h e f i l e

/home/ s t u d e n t / e r r o r s . t x t , w h i l e kee p i n g t h e l i n e o rd e r i ntact.
[ s t u d e n t @d e s k t opX - ] $ g r e p -e ' ERROR$ ' -e ' FAIL$ ' logfile > /home/student/
e r rors . t xt
13. Yo u r system s h o u l d have a new d i rectory used to sto re t e m porary f i l e s n a m e d

-
/ r u n/ve ryve ryvolatile. W h e never syst emd - tmpfiles - - clean is r u n , a n y f i l e o l d e r
t h a n 5 seco n d s s h o u l d b e d e l eted f r o m t h a t d i recto ry.
T h i s d i rectory s h o u l d have p e r m i s s i o n s 1 7 7 7 , a n d be owned by root : roo t .
1. C reate a n e w f i l e ca l l e d / e t c / t mpfiles . d/ve ryveryvolat ile . conf w i t h t h e

- fo l l ow i n g content:
--
d / r u n/veryver �:;� at ile 1777 r o o t r o o t 5 s
I
2. Have sys t emd - t mpfiles c reate t h e d i recto ry.
[ s t u d e n t@de s k t opX - ] $ sudo systemd - tmpfiles - - c reate

I
14. Ve rify yo u r work by reboot i n g yo u r d e s k t opX m a c h i n e and r u n n i n g the fo l l ow i n g co m m a n d
on yo u r deskt opX sy � e m :
[ s t u d e n t@de s k t o pX - ] $ lab sa2 - review g rade
If any req u i re m e n t comes up as " FA I L" , rev i s i t that req u i re m e nt, a n d t h e n reboot a n d g ra d e
again.
- RH134- R H E L 7-e n-1-20140610 31 5

RHCSA7 LAB134. Solution

Uploaded by

Copyright:

Available Formats

You might also like

RHCSA7 LAB134. Solution

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

RHCSA7 LAB134. Solution

Uploaded by

Copyright:

Available Formats

-

I n t h i s l a b, you wi l l confi g u re a system u s i n g t h e s k i l l s ta u g h t i n t h i s co u rse.

Before you begin . . .

• Log i nto a n d set u p yo u r se rve rX syst e m .

Yo u have b e e n taske d w i t h confi g u ri n g a n e w system f o r yo u r c o m p a ny: desktopX. T h e syst e m

- T L S CA Cert h t t p : / / c lass room . example . com/ pub/example - ca . c r t

Fo r test i n g p u rposes, you ca n u s e t h e u s e r ldapuse rx, w i t h t h e pa ssword kerberos.

s e rverX expo rts a C I FS s h a re ca l l ed wes t e ros. T h i s s h a re s h o u l d b e mou nted automatica l l y

a t boot o n t h e m o u nt point /mn t /we s t e ros. To m o u nt t h i s s h a re, you w i l l n eed t o u s e t h e

A keyt a b f o r yo u r system ca n b e d ow n l oa d e d from

C o nfi g u re a new 512 M i B l o g i c a l v o l u m e c a l l e d arya i n a n e w 2 G i B v o l u m e g ro u p c a l l e d s t a r k.

T h i s n e w l o g i c a l v o l u m e s h o u l d be f o r m atted w i t h a n X F S f i l e syst e m , a n d m o u nted p e r s i s te n t l y

Yo u r s y s t e m s h o u l d be o u tfitted w i t h a n ew 512 M i B swa p p a r t i t i o n , a ut o m a t i ca l l y a c t i vated a t

C reate a n e w g ro u p c a l l e d kings, and f o u r n e w u s e rs b e l o n g i n g to that g r o u p: s t an n i s ,

C reate a n ew d i rectory / i r on t h r on e , o w n e d by r oot : root w i t h p e r m i s s i o n s 700.

C o nfig u re t h i s d i rectory s o t h a t users i n t h e kings g r o u p h a ve b o t h r e a d a n d w r i t e p r i v i l e g e s

T h e s e rest r i c t i o n s s h o u l d a l so a p p l y t o a l l new f i l es a n d d i re c t o r i e s c reated u n d e r t h e

I n sta l l t h e httpd a n d mod_ssl p a c k a g e s , t h e n e n a b l e a n d start t h e h t t pd . se rvice s e rv i ce.

Open up port 12345 / t c p in t h e d e fa u l t z o n e for t h e fi rewa l l r u n n i n g o n your syst e m .

C reate a n e w d i rectory c a l l e d /doc r o o t . M a ke s u re t h a t t h e S E L i n u x c o n text f o r t h i s d i rectory

h t t p : I I s e r v e rx . e x a m p l e . c o m / l o g f il e conta i n s t h e l o g s for a recent

Yo u r system s h o u l d have a n ew d i rectory used to store t e m p o ra ry f i l e s n a m e d

T h i s d i re ctory s h o u l d h ave p e r m i s s i o n s 1777, a n d be ow ned by root : r o o t .

A l l c h a n g e s m u st s u rv i ve a reboot. W h e n you a re d o n e conf i g u r i n g y o u r syste m , y o u c a n test

[ s t u de n t@des k t o pX - ] $ lab sa2 - review grade

1. T h e system s h o u l d a u t h e n t icate u s e rs u s i n g LDAP a n d Ke r be ro s u s i n g t h e fo l l o w i n g

L D A P server clas s room . example . com

S e a r c h Base d c=example , dc=com

T L S CA Cert h t t p : //class room . example . com/pub/example - ca . c r t

Ke r b e ros Rea l m EXAMP L E . COM

Ke r b e ros K D C c lass room . example . com

Fo r test i n g p u rposes, y o u can u s e t h e u s e r ldap u s e rx, with t h e password k e r b e ros.

- 1. I n sta l l the authconfig-gtk and sssd p a c ka g es.

I [ s t u d e n t @d e s k t opX - ] $ sudo yum i n s t all aut hconfig - g t k sssd

I [ s t ud e n t@d e s k t opX - ] $ s u d o aut hconfig - gt k

2. H o m e d i recto ries for your L D A P users s h o u l d be a utomatica l l y m o u nted o n access. These

1. I n sta l l t h e autofs package.

i [ s t ud e n t @d e s k t opX - ] $ sudo yum i n s t all au t ofs

* - rw , s y n c clas s r oom . example . co m : / h ome/ g u e s t s /&

4. Sta rt a n d e n a b l e t h e autofs . s e rvice service.

I . [ s t u d e n t@d e s k t opX - ] $ sudo systemct l enable autofs . s e rvice

3. serverX exports a C I FS s h a re ca l l e d we s t e ros. This s h a re s h o u l d b e m o u nted

[ s t u d e n t@d e s k t opX - ] $ sudo yum i n s t all cifs - u t ils

- R H134- R H E L 7-en-1 -2014061 0 309

C h a pter 1 5. C o m p r e h e n s ive Review of Syste m A d m i n i st ra t i o n I I

[ s t u d e n t@d e s k t opX - ] $ sudo mkdir - p /mnt/we s t e r o s

3. C reate a cred e n t i a l s f i l e n a m e d / roo t / t y r ion . c reds with t h e fo l l ow i n g content. t h e n

[ s t u de n t@d e s k t o pX - ] $ sudo c hmod 0600 / root/tyrion . c reds

/ / s e rve rX . example . com/wes t e r o s / m n t /we s t e r o s c i f s c r e d s = / r o o t / t y rion . c r e d s 0 0

[ s t u d e n t@d e s k t o pX - ] $ sudo mount - a

4. se rve rX exports an N FSv4 s h a re ca l l ed /essos. Th is s h a re needs to b e m o u nted rea d ­ -

w r i t e at b o o t on /mnt /essos u s i n g Kerbe ros a u t h e n ti c a t i on , e n c r y pt i o n , a n d i nteg rity

[ s t u d e n t@d e s k t o pX - ] $ sudo mkdir -p /mnt/essos -

2. Dow n l oa d t h e keyt a b for you r syste m .

[ s t u d en t@de s k t o pX - ] $ sudo wget - o /etc/krb5 . keytab h t t p : //

3. Add the fo l l o w i n g l i n e to / e t c / f s t ab:

s e rve rX . example . com : / e s s o s /mn t / e s s o s n f s sec= k r b 5 p , rw 0 0

4. se rve rX exports an N FSv4 s h a re ca l l ed /essos. Th is s h a re needs to b e m o u nted rea d -