RHCE EXAM MODEL Q.PAPER AND ANSWERS

Duration: 3 hours

SECTION 1--- Troubleshooting and System Maintenance Start your pc in Single usermode and set one password for user root . (No dictionary word,Min.8Char.) The System loaded to graphics mode manually. Then, you saw a Question paper link in Dektop and Open that link. Sometimes Graphical mode is in error. Then you login your pc in text mode #vi /etc/inittab line no. 18 id:5:initdefault remove # symbol of the last line(by default no #symbol)

:wq #service xfs restart #chattr -i /etc/X11/xorg.conf #system-config-display Open terminal in Graphics mode and type ‘hostname’ command for checking your machine hostname

1. The examiner can log into your system as root using the password uX4L7jWR.

The home directory must be /root.

Ans: #pwconv

‘passwd ‘command for changing root password 2. ping 192.168.0.254 is successful, and your system uses static networking as described in /root/network.txt

Ans: #cat /etc/network.txt Then read ip,subnet mask,gateway and dns addresses type system-config-network enter ip,subnet mask and gateway apply ok #vi /etc/resolv.conf nameserver <dns ip address> :wq #service network restart

3. dig server1.example.com successfully resolves that hostname using DNS

Ans: its dns problem. Already configured in 2nd questn. 4. Your system has a new 300MB partition mounted under /mnt/policy with a 300MB ext3 filesystem. Note: because partition sizes are seldom exactly what is specified when they are created, anything within the range of 275 to 375MB is acceptable .

Ans: fdisk –l fdisk /dev/hda type ‘n’ buttonenter first cylindersize: enter last cylindersize:+300M enter type ‘w’ for save and exit #partprobe #mkfs.ext3 /dev/hda10(new partition) #mkdir /mnt/policy #vi /etc/fstab

type /dev/hda10 /mnt/policy auto defaults 0 0 :wq #mount –a #df (display mounted partition size information)

5.Services:(T05) the requirement described in /root/services is met

Ans: #cat /root/services #vim /etc/exports

/documents *(rw,sync) :wq #service portmap restart #service nfs restart 6.Wildcard:(T06) the requirement described in /root/wildcard is met

Ans: #cat /etc/wildcard #vim /etc/fstab edit home entry line.

/dev/hda10 /home auto defaults,usrquota 0 0 :wq #mount –o remount /home #mount #quotacheck –c /home #quotaon /home 7.Storage:(T10) the requirement described in /root/lvm is met

Ans: #cat /root/services #lvdisplay umount logical volume #lvextend -L+80M /dev/vol/homevol #resize2fs /dev/vol/homevol mount logical volume

SECTION2--- Installation and Configuration

1.Install the dialog RPM package using YUM. (optional) YUM ftp://server1.example.com/pub/Server

Ans: #cd /etc/yum.repos.d #cp rhel-deguginfo.repo abc.repo #vim abc.repo change ‘base url’ line and enabled yum

baseurl=ftp://server1.example.com/pub/Server enabled = 0 1 (change to 1)

:wq #yum install dialog*

2. Create the following users, groups, and group memberships: A group named usergroup A user who tony belongs to usergroup as a secondary group A user paula who also belongs to usergroup as a secondary group A user mario who does not have access to an interactive shell on the system, and who is not a member of usergroup

tony, paula, and mario should all have the password of password

Ans : #groupadd usergroup #useradd tony #useradd paula #gpasswd -a tony usergroup #gpasswd -a paula usergroup #useradd -s /bin/nologin Mario #passwd tony New password: password Retype password: password 3. Create a collaborative directory /common/usergroup with the following characteristics: Group ownership of /common/usergroup is usergroup The directory should be readable, writable, and accessible to members of usergroup, but not to any other user. (It is understood that root has access to all files and directories on the system.) Files created in /common/usergroup automatically have group ownership set to the usergroup Group

Ans: mkdir /common/usergroup chgrp usergroup /common/usergroup chmod 2770 /common/usergroup 4. Install the appropriate kernel update from ftp://server1.example.com/pub/updates. The following criteria must also be met: The updated kernel is the default kernel when the system is rebooted The original kernel remains available and bootable on the system

Ans: #ftp server1.example.com

Login: anonymous

password: <none>

ftp> cd pub/updates

#ftp>ls

#ftp>get <kernel RPM name>

#ftp>bye

#ls

#rpm –ivh <kernel RPM name>

OR

#rpm -ivh ftp://server1.example.com/pub/updates/kernel*

Then

#vi /etc/grub.conf

Change ‘default’ is 0

:wq 5. Enable IP forwarding on your machine.

Ans: #vi /etc/sysctl.conf

line no.7 net.ipv4.ip_forward=0 --- 1 (change to 1)

:wq 6. Set up thedefault local print queue to forward jobs to the IPP (CUPS) print queuestationxonserver1.example.com, where x is your station number. Configure this printer as ‘Generic-text’ only print queue. Note: The queue stationx on server1 dumps print jobs into the file http://server1/printers/stationx. This file can be examined to confirm that you have configured the print queue correctly.

Ans: Open new terminal type ‘service cups restart’enter

type ‘system-config-printer’enterclick ‘New Printer’type printer name as

‘station4’forward

select ‘internet printing protocol’ and type Hostname and Domainname

Hostname= server1.example.com Printername= station4

forwardselect ‘Generic’forwardselect’Text Only’ from

ModelsforwardApply

Select printer name(station4) in side bar click ‘Make Default Printer’ and ‘Print

test page’

close

#service cups restart

#chkconfig network on

#chkconfig cups on

7. The user tony must configure a cron job that runs daily at 16:45 local time and executes /bin/echo ciao

Ans: #crontab -e -u tony 45 16 * * * /bin/echo ciao :wq #service crond restart #chkconfig crond on 8. Bind to the NIS domain GELATO provided by 192.168.0.254 for user authentication. Note the following: nisuserx should be able to log into your system, where x is your station number, but will not have a home directory until you have completed the autofs requirement below All NIS users have a password of password

Ans: #authconfig-tui click ‘Use NIS’Next type Domain name and server address Domain GELATO Server 192.168.0.254 ok

login your user (eg:username is nisuser10,if your station no. is 10) and password is password

we can’t get home directory 9. Configure autofs to automount the home directories of NIS users. Note the following: server1.example.com (192.168.0.254) NFS-exports /rhome/stationx to your system, where x is your station number nisuserx's home directory is server1.example.com:/rhome/stationx/nisuserx nisuserx's home directory should be automounted locally beneath /rhome as /rhome/nisuserx home directories must be writable by their users While you are able to log in as any of the users nisuser1 through nisuser20, the only home directory that is accessible from your system is nisuserx.

Ans: #vi /etc/auto.master move to end line and type /rhome /etc/auto.misc

:wq #vi /etc/auto.misc move to last line and type this nisuser10 - -rw,sync 192.168.0.254:/rhome/station10/nisuser10

:wq #service autofs restart #chkconfig autofs on Login your user ,then we get home directory of that particular user

10. Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that the file /var/tmp/fstab is owned by the root user. the file /var/tmp/fstab belongs to the group root. the file /var/tmp/fstab should not be executable by anyone. the user tony is able to read and write /var/tmp/fstab the user paula can neither write nor read /var/tmp/fstab all other users (current or future) have the ability to read /var/tmp/fstab.

Ans: #cp /etc/fstab /var/tmp #ls - l /var/tmp/fstab #setfacl –m u:tony:rw /var/tmp/fstab #setfacl –m u:paula:0 /var/tmp/fstab #chmod 644 /var/tmp/fstab #umask 022

11.Configure your system so that it is an NTP client of server1.example.com

Ans: Open terminal type ‘system-config-date’

select ‘Network Time Protocol’click ‘enable network time protocol’delete all

entries

click ‘Add ‘buttontype ‘server1.example.com’and click ‘enter’ button

Then click ‘show advanced option’ enable ‘synchronize system clock before

starting service’

and disable ‘use local time source’ ok

RHCE (Network Services and Security) Requirements

SELinux must be running in Enforcing mode. We are using two Networks in this section. Networks and dns names are mentioned below

192.168.0.0/255.255.255.0 – example.com 192.168.1.0/255.255.255.0 – my133t.org 1.Configure SSH access as follows: paula has remote SSH access to your machine from within example.com Clients within my133t.org should NOT have access to ssh on your system

Ans: #service sshd restart #iptables -A INPUT -p tcp -s 192.168.1.0/255.255.255.0 - -dport 22 -j REJECT #service iptables save #service iptables restart

OR #vi /etc/hosts.allow sshd:192.168.0.0/255.255.255.0 :wq #vi /etc/hosts.deny sshd:192.168.1.0/255.255.255.0

:wq #chkconfig sshd on 2.Configure POP3 email on your system according to these criteria: mario must be able to retrieve email from your machine using POP3 from within example.com Clients within the my133t.org domain should not have access to your POP3 service

Ans: #service sendmail restart

#iptables -A INPUT -p tcp -s 192.168.1.0/255.255.255.0 - -dport pop3 -j REJECT

#chkconfig sendmail on 3.Configure FTP access on your system: Clients within the example.com domain should have anonymous FTP access to your machine Clients outside example.com should NOT have access to your FTP service

Ans: #service vsftpd restart #vi /etc/hosts.deny vsftpd:ALL EXCEPT 192.168.0.0/255.255.255.0 :wq #chkconfig vsftpd on 4.Share the /common directory via SMB: Your SMB server must be a member of the STAFF workgroup The share's name must be common The common share must be available to example.com domain clients only The common share must be browseable paula must have read access to the share, authenticating with the same password password, if necessary

Ans: #service smb restart #vi /etc/samba/smb.conf Line no. 74 Change Workgroup name workgroup = STAFF copy and then paste last 7 lines using ’yy -- p’ command Changes:- [common] comment = public stuff path = /common valid users = paula public = yes

browseable = yes writable = yes hosts allow = 192.168.0. 127. :wq

#smbpasswd -a paula New smb password: password Retype New smb password: password #service smb restart #chkconfig smb on

5.Implement a web server for the site http://stationX.example.com, then perform the following steps: Download ftp://server1.example.com/pub/rhce/station.html Rename the downloaded file to index.html Copy this index.html to the DocumentRoot of your web server Do NOT make any modifications to the content of index.html

Ans: #service httpd restart #cd /var/www/html #ftp server1.example.com login:anonymous password: <none> ftp>cd pub/rhce

ftp>get station.html ftp>bye #mv station.html index.html #vi /etc/httpd/conf/httpd.conf move to line no. 972 #NameVirtual Host *:80 remove # symbol and change * to your pc ip address eg: NameVirtualHost 192.168.0.12:80 copy last 7 lines and paste Remove all # symbols of these lines Changes: <Virtual Host 192.168.0.12:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/html server Name station12.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </Virtual Host> :wq #service httpd restart #chkconfig httpd on Open Mozilla Web Browser type http://station12.example.com enter 6.Export your /common directory via NFS to the example.com domain only. Note: because you will not have root access, you will not be able to directly mount your exported /common directory using your guest account on the system provided for testing. However, the automounter on the system has been configured such that it will automount your /common directory under /home/guestx/nfs/stationx, where x is your station number. Consequently, successful execution of ls /home/guestx/nfs/stationx indicates that the automounter was able to automount your NFS share.

Ans: #vi /etc/exports /common 192.168.0.0/255.255.255.0(rw,sync) :wq #exportfs #service portmap restart #service nfs restart #chkconfig portmap on #chkconfig nfs on 7.Configure an email alias for your MTA such that mail sent to admin is received by the local user tony.

Ans: #vi /etc/aliases

admin: tony

:wq

#newaliases

8.Configure SMTP mail service according to the following requirements:

Your mail server should accept mail from remote hosts and localhost paula must be able to receive mail from remote hosts Mail delivered to paula should spool into the default mail spool for paula, /var/spool/mail/paula

Ans: #vi /etc/mail/sendmail.mc

Line No.116

Type dnl in front of the line

Eg: dnl DAEMON_OPTIONS …..

:wq

#make -C /etc/mail

#service sendmail restart

#chkconfig sendmail on

.Additional RHCE Requirements

1. Provide SSL-encapsulated IMAP access (IMAPS): IMAPS must be available to mario from example.com IMAPS must NOT be available to other networks or domains. The SSL certi_cate for the IMAPS server must be created as follows: Use the defaults for Country, State, Locality, and Organization Name Set Organizational Unit to GLS Set Common Name to stationx.example.com Set Email Address to root@stationx.example.com

Ans: #cd /etc/pki/tls/certs make dovecot.pem

set Organizational Unit name to GLS, Common Name to station12.example.com and Email Address to root@station12.example.com

Don’t change other entries #vi /etc/dovecot.conf Line No.17

Remove # symbol,IMAP and POP3s Correct Line:- protocols = IMAPs POP3 Line No. 87 & 88 Remove # symbols ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem ssl_key_file = /etc/pki/dovecot/private/dovecot.pem :wq #vi /etc/hosts.deny dovecot : ALL EXCEPT 192.168.0.0/255.255.255.0

:wq

#service dovecot restart

#chkconfig dovecot on 2.Implement a web proxy server bound to port 8080. Clients within example.com should have access to your proxy server Clients outside of example.com should NOT have access to your proxy server

Ans: #service squid restart #vi /etc/squid/squid.conf Line No:73 http port 3128 change to 8080 Line No.2394 Copy the line and paste acl hello src 192.168.0.0/255.255.255.0 Line No.2527 & 2528 Change to http_access allow hello http_access deny all :wq #chkconfig squid on 3.Extend your web server to include a virtual host for the site http://wwwx.example.com/, where x is your station number, then perform the following steps: Set the DocumentRoot to /var/www/virtual Download ftp://server1.example.com/pub/rhce/www.html Rename the downloaded file to index.html Place this index.html in the DocumentRoot of the virtual host Do NOT make any modi_cations to the content of index.html Ensure that paula is able to create content in /var/www/virtual Note: The original web site http://stationX.example.com must still be accessable. DNS resolution for the hostname wwwx.example.com is already provided by the name server on server1.example.com.

Ans: #mkdir /var/www/virtual

#cd /var/www/virtual

#ftp server1.example.com

Login:anonymous

Password:<none>

ftp>cd pub/rhce

ftp>get www.html

ftp>bye

#mv www.html index.html

#vi /etc/httpd/conf/httpd.conf

copy last 7 lines and paste Remove all # symbols of these lines Changes: <Virtual Host 192.168.0.12:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/virtual server Name www12.example.com

ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </Virtual Host> :wq #service httpd restart Open Mozilla Web Browser type http://www12.example.com enter

NOTE:PLEASE USE GRAPHICS MODE FOR WRITING RHCE EXAM

BEFORE REBOOTING, PLEASE VERIFY ALL CONFIGURED SERVICES ARE IN ‘START’

CONDITION

PREPARED BY: