Professional Documents
Culture Documents
RHCE 6 Exam
RHCE 6 Exam
RHCE 6 Exam
http://wenku.baidu.com/view/7dc5773743323968011c923f.html
In this examination you will use two systems, a system that you seat next to a
physical machine, another system is located in the Virtual Machine Manager machine,
the virtual machine is already pre-installed with Redhat Enterprise Linux, firewall
configuration is enabled by default, Unless otherwise specified, all exams can only
operate in a virtual machine, you do not have permission to use root login to
physical machine device, but when necessary, you can use it to test your virtual
machine to do some service.
Note that not allow you to communicate with other candidates during the
examination, also not allowed to connect to other candidates machines. Machines and
networks will be monitored over for misuse and can cause your test scores two
points for the 0.
Before you begin, you should check some general configuration information listed in
the link below:
Additional configuration information:
Complete the following when you receive the results, this part of the results will
be marked
You need to get at least 210 from 300 points in order to obtain certification!
###################################################################################
###################################
RHCSA Exam:
#vi /etc/yum.repos.d/base.repo
[base]
name = base
baseurl = http://instructor.example.com/pub/rhel6/dvd
gpgcheck = 0
#yum list
2. Configure home directory LV to 300 MB. Ensure the integrity of file system.
Partitions are seldom accurate to the same size and requirements, therefore the
range between 320M to 350M are acceptable.
#vgdisplay
#lvextend -L +xM +path
#resize2fs +path
#df -TH
#groupadd sharegrp
#useradd natasha -G sharegrp
#useradd harry -G sharegrp
#useradd sarah -s /sbin/nologin
#echo "user:passwd" | chpasswd
5. User natasha must configure a cron job local daily 14:23 to run: */bin/echo
howdy.
#crontab -u natasha -e
23 14 * * * /bin/echo howdy
#crontab -u natasha -l
#mkdir /home/shared
#ll -d /home/shared
#chgrp sharegrp /home/shared
#chmod g+wrx /home/shared
#chmod o-rx /home/shared
#chmodg +s /home/shared
#system-config-authentication
#system-config-date
10. Configure autofs to automatically mount LDAP user's home directory as follows:
instructor.example.com(192.168.0.254) use NFS to share /home/guests to your system.
This file system includes a pre-set user ldapuser11 home directory.
ldapuser11's home directory is instructor.example.com/home/guests/ldapuser11.
ldapuser11's home directory should automatically mount to the local /home/guests.
The following /ldapuser11's home directory must have write access by the user.
ldapuser11 password is "password".
#vim /etc/auto.master
/home/guests /etc/auto.ldap
:wq
#cp /etc/auto.misc /etc/auto.ldap
#vim /etc/auto.ldap
ldapuaer11 -fstype=nfs,rw 192.168.0.254:/home/guests/ldapuser11
:wq
#service autofs restart
#su ldapuser11
11. Config server11.example.com that implements ftp service that allows anonymous
file download from /var/ftp/pub.
14. Add your system an extra size 750M swap partition that should be at system boot
time. Do not remove or change the existing swap partition on your system.
#swapon -s
#fdisk -cu /dev/sda
#n e l t 82
#partx -a /dev/sda
#ll /dev/sda*
#mkswap /dev/sdaX
#swapon /dev/sdaX
#vim /etc/fstab
/dev/sdaX swap swap defaults 0 0
:wq
#mount -a
#swapon -s
15. Identify all files that the owners are natasha and copy them to /root/found
catalog.
#mkdir /root/found
#find / -user natasha -exec cp -rf {} /root/found/ \;
16. In the archives /usr/share/dict/words find all contained within the string
strato column, and then put them out in accordance with the original order, copied
to /root/lines.txt, there are no blank lines in this file, copy over all ranks,
which should follow the original.
17. Create a logical volume group wgroup, called wshare, the size of the logical
volume 10extent, each extent as 8Mib, and mount /mnt/wshare using vfat for this new
logical volume.
###################################################################################
##############################
RHCE Exam:
1. Configure NFS service as /mnt/storage directory that will be shared with read
and write perms to domain example.com, root can access the share(!). Share this
directory to cracker.org domain users read-only.
#vim /etc/exports
#/mnt/storage *.example.com(rw,sync,no_root_squash)
#/mnt/storage *.cracker.org(ro,sync)
#vim /etc/hosts.allow
sshd: .example.com
#vim /etc/hosts.deny
sshd: ALL
5. Establish vsftp server, so that only user1 allows access and can not jump out of
the home directory. Upload and download is allowed by example domain users.
###################################################################################
###########################################
Compulsory 1:(T01) the examiner can log into your system as root using th password
"A9b7#Eq.*". The home directory must be /root.
#passwd root
Compulsory 2:(T02) ping 192.168.0.254 is successful, and your system uses static
networking as described in /root/network.txt.
#vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=server12.example.com
#vi /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
#startx
#/etc/init.d/NetworkManager restart
#chkconfig NetworkManager on
#system-config-network &
#dig instructor.example.com
#vi /etc/yum.repo.d/intructor.repo
[base]
name=base
baseurl=http://instructor.exmaple.com/pub/rhel6/dvd
gpgcheck=0
#yum list
#yum -y install dialog
#vi /etc/sysconfig/selinux
SELINUX=enforcing
#reboot
#touch /etc/sysconfig/iptables
#service iptables start
#chkconfig iptables on
#mkdir /mnt/iso
#vi /etc/fstab
/root/examine.iso /mnt/iso iso9660 loop,defaults 0 0
.Some users home directory is shared from your system, using showmount -e localhost
command, the share directory is not show, make access the share users home
directory.
.Find the files which ownership is lucy, and copy files to /tmp/findfiles.
#mkdir /tmp/findfiles
#find / -user lucy -exec cp -ar {} /tmp/findfiles \;
.In your system is a logical volume created named as common under vol0 volume group
and is mount on /common, The initial size of that volume is 124MB, make
successfully that the size of logical volume 190MB without losing any data. The
size logical volume 160MB-200MB will be acceptable.
#df -h /common
#pvdisplay to findout PE size
#lvextend -L 190M /dev/mapper/vgsrv-common
#resize2fs /dev/mapper/vgsrv-common
#df -h to verify
.In your system has another logical volume is create name as shrink under vol0
volume group and is mount /shrink, The initial size of that valume is 320MB shrink
successfully that the size of logical volume 200MB without losing any data, pay
attention the size logical volume 192MB-240MB will be acceptable.
#df -h /shrink
#pvdisplay to verify PE size
#umount /shrink
#e2fsck -f /dev/mapper/vgsrv-shrink
#resize2fs /dev/mapper/vgsrv-shrink 200M
#lvreduce -L 200M /dev/mapper/vgsrv-shrink
#mount /shrink
#df -h to verify
.Make a swap partition have 512MB, make automatically useable at system boot time.
#fdisk -l
#fidsk /dev/vda
p -> n ->t(82)>w
#partx -a /dev/vda
#mkswap /dev/vdaX
#vi /etc/fstab
/dev/vdaX swap swap defaults 0 0
#swapon -a
#swapon -s
#groupadd admin
#usradd -G admin mary
#passwd mary
#useradd -G admin alice
#passwd alice
#useradd -s /sbin/nologin bobby
#passwd bobby
#mkdir /common/admin
#chgrp admin /common/admin
#ls -ld /common/admin
#chmod g+rwx /common/admin
#chmod g+s /common/admin
#cd /tmp
#yum install -y lftp
#lftp instructor.exmaple.com (cd pub/updates ->get kernel-*.rpm)
#rpm -ivh kernel*.rpm
#vi /boot/grub/grub.conf
#reboot
#vi /etc/sysctl.conf
#net.ipv4.ip_forward = 1
#sysctl -p
.Set up default loacl print queue to forward jobs to the IPP(CUPS) print queue
printerX on instructor.example.com, where X is your server number. Configure the
printer as a "Generic--text-only" print queue.
.The user mary must configure a cron job that runs daily at 14:23 local time and
execute -- /bin/echo "Hello World.".
#crotable -e -u mary
23 14 * * * /bin/echo “Hello World.”
.Bind to the ldap domain provided by 192.168.0.254 for user authentication. Note
the following:
-- ldapuserX should be able to log into your system, where X is your server number,
but will not have a home directory until you have completed autofs requirement
below.
-- All LDAP user have a password of "password".
system-config-authentication &
.Configure autofs to automount the home directory of NIS users. Note the following:
-- instructor.example.com(192.168.0.254) NFS-exports /home/guests/ldapuserX to your
system, where X is your server number.
-- ldapuserX home directory is instructor.example.com:/home/guests/ldapuserX.
-- ldapuserX home directory should be automounted locally beneath
/home/guests/ldapuerX.
-- home dierctories must be writable by their users.
-- While you are able to log in as any of users ldapuser1 through ldapuser20, the
only home directory that is accessible from your system is ldapuserX.
#vi /etc/auto.master
/home/guests /etc/auto.ldap
#vi /etc/auto.ldap
ldapuser12 -rw instructor.example.com:/home/guests/ldapuser12
#service autofs stop
#service autofs start
#chkconfig autofs on
#system-config-date &
#ntpq -p
#vi /etc/hosts.allow
sshd: .example.com
#vi /etc/hosts.deny
sshd: .remote.test
.Export your /common directory via NFS to the example.com domain only.
#vi /etc/exports
/common *.example.com(ro,sync)
#service nfs restart
#chkconfig nfs on
#showmount -e 192.168.0.100
#mkdir /mnt/iscsi
#iscsiadm -m discovery -t st -p 192.168.0.254
Log in to the target using the name displayed in discovery:
#iscsiadm -m node -T <iqn> -p 192.168.0.254 -l
#fdisk -l
#fdisk /dev/sda1
#mkfs.ext4 /dev/sda1
#blkid to see UUID
#vi /etc/fstab
UUID= /mnt/iscsi ext4 _netdev 0 0
.Extend your web server to include a virtual host for the site
http://wwwX.example.com/, where X is your server number, then perform the following
steps:
-- Set the DocumentRoot to /var/http/virtual.
-- Download ftp://instructor.example.com/pub/rhce/www.html.
-- Rename the downloaded file to index.html.
-- Place this index.html in the DocumentRoot of the virtual host.
-- Do NOT make any modifications to the content of index.html.
-- Ensure that harry is able to create content in /var/http/virtaul.
Note: The original web site http://serverX.example.com must still be accessable,
DNS resolution for the hostname wwwX.example.com is already provided by the name
server on instructor.example.com.
-- Create a directory /var/http/virtual/limited, limit access to only local users,
non-local user prohibited access.
#mkdir -p /var/http/virtaul/limited
#chcon -R -t httpd_sys_content_t /var/http
#cd /var/http/virtaul
#wget ftp://instructor.example.com/pub/rhce/www.html
#mv www.html index.html
#vi /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /var/http/virtaul
ServerName www12.example.com
<Directory "/var/http/virtaul/limited">
Options indexes
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from localhost
Allow from www12.example.com
Allow from server12.example.com
</Directory>
</VirtualHost>
#useradd harry
#setfacl -R -m u:harry:rwx /var/http/virtaul
.Configure an email alias to your MTA such that mail sent to harry is received by
the local user mary.
#vi /etc/postfix/main.cf
myhostname = server12.example.com
mydomain = example.com
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
#service postfix restart
#mail -vs “title” harry@server12.example.com
#chmod +x /root/program
#vi /root/program
#!/bin/bash
if [ “$1” == “kernel”]
then
echo “user”
elif [ “$1” == “user”]
then
echo “kernel”
else
echo “usage:/root/program kernel|user”
fi
1.Configure an SSH server with access limited to the local network. Create local
usersnamed katie and dickens. Limit SSH access on that server only to user katie.
2.Configure a Samba server. Share a directory named /food with user dickens. Share
asecond directory named /book limited to users tim and stephanie.
3.Set up a vsFTP server with access limited to the server1.example.com and the
physicalhost system.
4.Set up a local NTP server, accessible to the local network.
5.Configure an NFS server to share the /home directory only with the physical host
system.
6.Configure Apache with two secure web sites on the same virtual server. Call those
websites shost1.example.com and shost2.example.com. Create and configure an
appropriateSSL key for those web sites.
7.Configure a local caching nameserver, and set up the local system to use that
nameserver.
8.Create a script that backs up all files from the /home directory on a daily
basis.
9.Create an RPM from a single file. Use the README file in
the/usr/share/doc/tcp_wrappers-7.6 directory. Set up the RPM with a package name of
tcpwrapdoc, version 1.0. When installed, it should write the README file to
the/opt/tcpwrap directory.
10.Configure IPv4 and IPv6 forwarding on the local system.
11.Set up system activity reports to run the related accounting tool every five
minutes.
12.Configure the server1.example.com system as a logging server. Configure
thetester1.example.com system (or the physical host system) as a logging client.
13.Configure the server1.example.com system as a Kerberos client on the
example.comdomain, with a KDC and administrative server of the physical host
system.
14.Set up an Apache web server with two regular virtual hosts. Set it up on
URLstest1.example.com and test2.example.com. Create and use the /web subdirectory
for this purpose. Include appropriate index.html files, with contents for each URL.
15.Set up a shared subdirectory named cubs on that Apache web server, accessible to
userselizabeth and fred. Limit access to the local network.
16.Configure the system to work with a CGI application, accessible on
thetest1.example.com system. For that purpose, you may use the following code in
anappropriate CGI script. Call it the good.pl file.
#!/usr/bin/perlprint "Content-type: text/html\n\n";print "Good Job!\n";
17.Set up an FTP server that supports only anonymous access, even from outside your
LAN.Do not allow access from any regular users, even if the ftp_home_dir boolean is
on.
18.Configure a caching-only DNS server that forwards requests to the physical host
system.
19.Set up a local SMTP server that supports access limited to systems on the local
network.
20.Configure an SSH server for user mike on the server1.example.com system.
Configure password-free access, with passphrases, using key-based authentication
from a remotesystem, either tester1.example.com or the physical host. Use the
following passphrase:
Linux rocks, Windows does not.
21.Set up masquerading from the network with server1.example.com to outside
networks,using the IP address of the physical host system.
22.Configure a Samba server to share user home directories.
23.Configure two NTP servers, one as a peer, the second as a regular server.
24.Set up the system to avoid responding to the ping command.