
Rhcsa Exam


RHCSA EXAM

*************************

RHCSA-VM configuration.txt:
* You have been provided a virtual box named serverX.example.com (hint: X is your
domain number)
* The password for both virtual machines should be "Postroll"
* serverX.example.com is provided with ip=172.25.X.10/255.255.255.0
* serverX.example.com is provided with gateway 172.25.254.254 & the example.com DNS domain
with the IP: 172.25.254.254

Before starting the exam:

--> ping the server-vm IP, the desktop-vm IP and classroom.example.com


--> from server-vm, ping the base machine and server.
--> check the hostname and IP address of server-vm and desktop-vm

#vim /etc/hostname
serverX.example.com
:wq
#vim /etc/sysconfig/network-scripts/ifcfg-eth0
IPADDR=172.25.5.11
PREFIX=24
BOOTPROTO=static
:wq

#systemctl restart NetworkManager.service

#rht-vmctl start server


#rht-vmctl view server

If the VM is set to multi-user.target, set it to graphical.target

#systemctl get-default --> to check the running target


#systemctl set-default graphical.target

---> mask the iptables service before starting the exam.

#systemctl mask iptables.service

--> To break the root password do the following


#systemctl reboot
press "e" to edit
Go to the end of the "linux16" line, type rd.break console=tty1 and press Ctrl+x to boot.
#mount -o remount,rw /sysroot
#chroot /sysroot
#passwd root
#touch /.autorelabel
#exit
#exit

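**Warning - SELinux targeted policy relabel is required.


Relabeling could take a very long time, depending on filesystem size & speed of hard drives.
(The /.autorelabel file created above triggers this relabel on the next boot; it is needed because /etc/shadow, rewritten by passwd from the rd.break shell, loses its SELinux context.)
One of the unit types in systemd is the service unit, used for all services; each service unit name ends
with the ".service" extension.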

--> To change the system target do the following

#systemctl reboot, press "e" to edit, go to the end of the "linux16" line and type the following
entry:
systemd.unit=graphical.target then press Ctrl+x to boot the system

--->command mode to change the system target

#systemctl get-default ---> to check the present target mode


#systemctl set-default graphical.target ---> to make it permanent
#systemctl isolate graphical.target --> to make it temporarily available

1) Configure SELinux
The machine should be running in enforcing mode

Answer:

#getenforce ----> to check the selinux status


#vim /etc/sysconfig/selinux
SELINUX=enforcing
:wq

#setenforce 1 (Note: 0=permissive, 1=enforcing; this changes the running mode only, the file above sets the mode at boot)


usage: setenforce [ Enforcing | Permissive | 1 | 0 ]

Example:
[root@foundation3 ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.


# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

2) Create a new 100MB physical partition mounted under /Gluster


(Note: because partition sizes are seldom exactly what is specified when they are created,
anything within the range of 70MB to 120MB is acceptable)

Answer:
#fdisk /dev/vdb
:n,:p,:1,:Enter,:+100M,:w
#partprobe /dev/vdb
#cat /proc/partitions
#mkfs.ext4 /dev/vdb1
#mkdir /Gluster

#vim /etc/fstab
/dev/vdb1 /Gluster ext4 defaults 0 0
:wq

#mount -a
#df -h

3) Create a new 150MB swap partition f/s.


(Note: because partition sizes are seldom exactly what is specified when they are created,
anything within the range of 130MB to 170MB is acceptable)

Answer:

#fdisk /dev/vdb
:n,:p,:2,:Enter,:+150M,:t,:2,:82,:w
#partprobe /dev/vdb
#cat /proc/partitions
#mkswap /dev/vdb2

#vim /etc/fstab
/dev/vdb2 swap swap defaults 0 0
:wq

#swapon /dev/vdb2
#free -m
#swapon -s ---> it will show the summary of swap configuration.

4) Create a repository for http://content.example.com/rhel7.0/x86_64/dvd

Answer:

#cd /etc/yum.repos.d
#ls
# rm -rf * --> remove any existing repo files.
#vim redhat.repo
[apps]
baseurl=http://content.example.com/rhel7.0/x86_64/dvd
gpgcheck=0
:wq

#yum clean all


#yum list all --> it should not list the RPMs in red colour.
#yum repolist --> to verify your repo file.

5) Create the following users, groups, and group memberships:


--> A group named sysgrp
--> A user andrew who belongs to sysgrp as a secondary group
--> A user susan who also belongs to sysgrp as a secondary group
--> A user sarah who does not have access to an interactive shell on the system and who is not a
member of sysgrp
--> susan, sarah, andrew password = "Postroll"

Answer:

#groupadd sysgrp
#useradd andrew
#useradd susan
#usermod -G sysgrp andrew
#usermod -G sysgrp susan
#useradd sarah
#usermod -s /sbin/nologin sarah
#passwd andrew
#passwd susan
#passwd sarah

6) Create a collaborative directory /redhat/sysgrp with the following characteristics:


--> Group ownership of /redhat/sysgrp is sysgrp
--> The directory should be readable, writable, and accessible to members of sysgrp,
but not to any other user.
(It is understood that root has access to all files and directories on the system.)
--> Files created in /redhat/sysgrp automatically have group ownership set to the sysgrp group

Answer:
#mkdir -p /redhat/sysgrp
#chgrp sysgrp /redhat/sysgrp
#chmod 770 /redhat/sysgrp
#chmod g+s /redhat/sysgrp
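
A way to confirm the three requirements above (group owner, rwx for the group only, setgid so new files inherit the group). This is an added example, not part of the original notes; it assumes GNU stat, the function names are illustrative, and the demo uses a scratch directory with its existing group in place of /redhat/sysgrp and sysgrp so that it runs without root.

```shell
# check_collab_dir DIR GROUP: print each deviation; return 0 only if none.
check_collab_dir() {
    dir=$1; want=$2; rc=0
    mode=$(stat -c '%a' "$dir")          # octal string, e.g. 2770
    grp=$(stat -c '%G' "$dir")
    m=$((0$mode))                        # leading 0 => parsed as octal
    [ "$grp" = "$want" ]            || { echo "group is $grp, expected $want"; rc=1; }
    [ $((m & 02000)) -ne 0 ]        || { echo "setgid bit not set (mode $mode)"; rc=1; }
    [ $((m & 0070)) -eq $((0070)) ] || { echo "group lacks rwx (mode $mode)"; rc=1; }
    [ $((m & 0007)) -eq 0 ]         || { echo "others have access (mode $mode)"; rc=1; }
    return $rc
}

# Constructed demo: same chmod steps as the answer, checked before and after g+s.
demo_collab_dir() {
    d=$(mktemp -d); g=$(stat -c '%G' "$d")
    chmod 770 "$d"
    before=$(check_collab_dir "$d" "$g") || true   # setgid still missing here
    chmod g+s "$d"
    after=$(check_collab_dir "$d" "$g") && ok=yes || ok=no
    touch "$d/newfile"
    fgrp=$(stat -c '%G' "$d/newfile")              # group taken from the directory
    rm -rf "$d"
    [ "$fgrp" = "$g" ] && inherited=yes || inherited=no
    printf '%s|%s|%s|%s\n' "$before" "$after" "$ok" "$inherited"
}
demo_collab_dir
```

On the exam system the check would be called as check_collab_dir /redhat/sysgrp sysgrp.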

7) Install the appropriate kernel update from http://content.example.com/rhel7.0/x86_64/errata


The following criteria must also be met:
--> The updated kernel is the default kernel when the system is rebooted.
--> The original kernel remains available and bootable on the system

Answer:

#vim /etc/grub.conf
#vim /etc/yum.repos.d/redhat.repo
[kernel]
baseurl=http://content.example.com/rhel7.0/x86_64/errata
gpgcheck=0
:wq

#yum clean all


#yum list all
#yum repolist
#yum install kernel -y
#cat /etc/grub.conf --> verify whether two kernels exist or not
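
Questions 4 and 7 both write a repo section with gpgcheck=0 and an http:// baseurl, so packages (including the kernel) are installed without signature verification. The check below is an added example, not part of the original notes; the function names and the [signed-example] section with its URL are constructed for illustration.

```shell
# audit_repo FILE -> one "section: finding" line per issue found
audit_repo() {
    awk '
        function report() {
            if (section == "") return
            if (gpg == "0")
                print section ": gpgcheck=0, package signatures are not verified"
            else if (gpg == "")
                print section ": gpgcheck not set here, falls back to [main] in yum.conf"
            if (url ~ /^http:\/\//)
                print section ": baseurl uses plain http (" url ")"
        }
        /^[ \t]*[#;]/ { next }                     # comment lines
        /^\[/ { report(); section = substr($0, 2, index($0, "]") - 2); gpg = url = ""; next }
        {
            pos = index($0, "=")
            if (pos == 0) next                     # blank or malformed line
            key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
            gsub(/[ \t\r]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl")  url = val
        }
        END { report() }
    ' "$1"
}

# Sample file: [apps] and [kernel] are the entries from these notes;
# [signed-example] is a constructed contrast entry (placeholder URL).
demo_audit() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
[apps]
baseurl=http://content.example.com/rhel7.0/x86_64/dvd
gpgcheck=0
[kernel]
baseurl=http://content.example.com/rhel7.0/x86_64/errata
gpgcheck=0
[signed-example]
baseurl=https://repo.example.com/rhel7/os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
    audit_repo "$tmp"; rm -f "$tmp"
}
demo_audit
```

Against a real system it would be run over each file in /etc/yum.repos.d, for example audit_repo /etc/yum.repos.d/redhat.repo.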
8) Enable IP forwarding on your machine

[root@foundation3 ~]# vim /etc/sysctl.conf


# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1

:wq

[root@foundation3 ~]# sysctl -p


net.ipv4.ip_forward = 1

9) The user andrew must configure a cron job that runs daily at 14:23 local time and executes -
/bin/echo hiya

Answer:
#yum install cronie -y
#crontab -eu andrew
23 14 * * * /bin/echo hiya
:wq
#crontab -lu andrew --> to verify the crontab entries

#systemctl enable crond.service


#systemctl start crond.service

#vim /etc/crontab ---> to check the definition of entries.

# For details see man 4 crontabs

# Example of job definition:


# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed

10) Bind to the LDAP service provided by classroom.example.com for user authentication.
Note the following:-
--> The LDAP search base DN is dc=example,dc=com
--> The LDAP certificate file is
http://classroom.example.com/pub/EXAMPLE-CA-CERT
--> ldapuserX should be able to log into your system, where X is your ServerX (hint: X is
your domain number),
but will not have a home directory until you have completed the autofs requirement
below. All LDAP users have a password of "password"
LDAP Answer
---------

Lightweight Directory Access Protocol


Port-389
Package Name= Auth*
service Name= sshd
Tool= system-config-authentication

Additional requirements:
1) autofs:package/service

LDAPS:- Secured LDAP.


TLS: Transport Layer Security protocol

yum install auth* -y


yum install sssd -y

system-config-authentication

Click on Identity & Authentication


Click on User Account Database "LDAP" under User Account Configuration.
LDAP search Base DN: dc=example,dc=com
LDAP Server ldap://classroom.example.com
Select the box Use TLS to encrypt connections

Note: if you use ldaps://classroom.example.com then there is no need to select Use TLS to encrypt connections.

click on Download CA Certificate


certificate URL: http://classroom.example.com/pub/EXAMPLE-CA-CERT
Authentication Method - LDAP Password
click on Apply.

Start the services manually


#systemctl enable sssd.service
#systemctl start sssd.service

To check the

#showmount -e classroom.example.com

#getent passwd ldapuserX ( if your LDAP is configured properly then you will get output)

#firewall-cmd --permanent --add-service=ldap


#firewall-cmd --reload
#firewall-cmd --list-services

11) Configure autofs to automount the home directories of LDAP users.


Note the following:
--> classroom.example.com (172.25.254.254) NFS-exports /home/guests to your system,
where X is your server number.
--> ldapuserX's home directory is classroom.example.com:/home/guests/ldapuserX
--> ldapuserX's home directory should be automounted locally beneath /home as
/home/guests/ldapuserX
--> home directories must be writable by their users
--> while you are able to log in as any of the users ldapuser1 through ldapuser20, the only home
directory that is accessible from
your system is ldapuserX.
Example:- classroom.example.com would configure the automaster such that ldapuser100's
home directory /home/guests/ldapuserX gets mounted automatically upon login. The NFS share
would be classroom.example.com:/home/guests/ldapuser100

#yum install autofs -y

#vim /etc/auto.master
make the following entry under /misc
/home/guests /etc/auto.misc
:wq
#vim /etc/auto.misc
ldapuserX -rw classroom.example.com:/home/guests/ldapuserX
:wq

#systemctl enable autofs.service


#systemctl start autofs.service
#systemctl is-enabled autofs.service --> to check whether it is enabled or disabled
#su - ldapuser5
exit

12) Configure your system so that it is an NTP client of classroom.example.com

#yum install chrony


#systemctl enable chronyd.service
#systemctl start chronyd.service

#vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.


# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server classroom.example.com iburst

:wq

#systemctl status chronyd.service


#chronyc sources -v --> to check the reach level

13) Copy the file /etc/fstab to /var/tmp


Configure the permissions of /var/tmp/fstab so that:
The file /var/tmp/fstab is owned by the root user, belongs to the group root, and
should not be executable by anyone.
The user andrew is able to read & write /var/tmp/fstab
The user susan can neither write nor read /var/tmp/fstab
All other users (current or future) have the ability to read /var/tmp/fstab.
Answer:

#cp /etc/fstab /var/tmp/


#cd /var/tmp/
#ls fstab
#setfacl -m u:andrew:rw /var/tmp/fstab
#setfacl -m u:susan:--- /var/tmp/fstab
# getfacl /var/tmp/fstab
getfacl: Removing leading '/' from absolute path names
# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:andrew:rw-
user:susan:---
group::r--
mask::rw-
other::r--

14) Resize the logical volume, logical-data, and its filesystem to 400MB.


Make sure that the filesystem contents remain intact.
(Note: partitions are seldom exactly the size requested, so anything within the range of
370MB to 430MB is acceptable)

#umount /datasource
#e2fsck -f /dev/datacontainer/datacopy
#resize2fs /dev/datacontainer/datacopy 400M
#lvreduce -L 400M /dev/datacontainer/datacopy
#mount -a

15) Add the user talusan with userid 2985


Find the files owned by user julice and copy them into the /root/findresults directory.

Answer:

#useradd -u 2985 talusan


#id talusan
#useradd julia
#mkdir /root/findresults
#find / -user julia -exec cp {} /root/findresults \;

16) Create a new physical volume and a new volume group named datacontainer; the VG
extent size is 16.00MB.
Create a new logical volume named datacopy with a size of 50 extents; the file
system must be vfat. Then
mount it under /datasource

Answer:

#fdisk /dev/vdb
:m,:n,:p,:3,Enter,:+900M,:t,:8e,:w
#partprobe /dev/vdb
#pvcreate /dev/vdb3
#vgcreate -s 16M datacontainer /dev/vdb3
#lvcreate -l 50 -n datacopy datacontainer
#lvs
#mkdir /datasource
#mkfs.vfat /dev/datacontainer/datacopy

#vim /etc/fstab
/dev/datacontainer/datacopy /datasource vfat defaults 0 0
:wq
#mount -a

17) Create an archive file /root/local.tgz for /usr/local. It should be compressed with gzip.

Answer:

#tar -czvf /root/local.tgz /usr/local/

18) search the string sarah in the /etc/passwd file and save the output in /root/lines

#grep sarah /etc/passwd > /root/lines
