Exam Practice rhcsa 6

Question 1

password recovery

Answer 1

- go to single usermode with the help of grub
#passwd

Note:- if the command does not execute
#lokkit --disabled
#lokkit --selinux=permissive
#passwd

Question 2

set ip,dns,netmask,gateway

Answer 2

#setup
Select network configuration and then set the IP, dns, netmask, gateway
#service network restart

Question 3

create yum client base url

Answer 3

#vi /etc/yum.repos.d/Server.repo
[Server]
name=Server
baseurl=ftp://instructor.example.com/pub/rhel6/dvd/Server
enabled=1
gpgcheck=0

\:wq
#init 6   to reboot

After reboot check connectivity with Server
#ping 192.168.0.254
#nslookup instructor.example.com
#yum list
#yum repolist

Question 4

LVM Reduce

Resize your LVM /home to 150MB will range to (130M-160M)

Answer 4

#df -h
#lvdisplay   ***check the lvm partition***
#umount /home
#lvdisplay  ****check the name of lvm***
#e2fsck -f /dev/vgsrv/home
#resize2fs /dev/vgsrv/home 150M
#lvreduce -L 150M /dev/vgsrv/home
#df -h  **** You will not find the partition****
#mount /dev/vgsrv/home /home
#df -h

Question 5

LVM Extend

Resize your LVM /home to 250 will range to (230M-260M)

Answer 5

#lvextend -L 250M /dev/vgsrv/home
#resize2fs /dev/vgsrv/home
#df -h

Question 6

LDAP
Example
Configure an ldap client, where your ldap server is instructor.example.com
LDAP Base DN: (dc=example,dc=com).
Authenticate your ldap server using the certificate
(ftp://instructor.example.com/pub/EXAMPLE-CA=CERT)
You should be able to login as ldapuserX via LDAP. This configuration must be persistant after restart. You will get the home directory only after solving automount question.

Answer 6

#yum groupinstall directory-client
#system-config-authentication

Note: dialog box will open in that

Enter details
User Account Dattabase = LDAP
LDAP Search Base DN = dc=example,dc=com
LDAP Server = ldap://instructor.example.com
Check mark TLS and then click download certificate and give the path
ftp://instructor.example.com/pub/EXAMPLE-CA-CERT

authentication Method = LDAP

Apply the setting

Check LDAP
#getent passwd ldapuserX
#su ldapuserX
$exit

Question 7

NTP, configure your NTP server as instructor.example.com

Answer 7

system-config-date

check mark Synchronize date and time over network. Remove all the NTP SERVER and click ADD and type
Instructor.example.com

Press Enter and press OK

Question 8

Automount LDAP
Configure automount in such a way that the ldapuserX’s home directory in instructor.example.com:/home/guests/ldapuserX should be mounted as local directory /home/guests/ldapuserX when ldapuserX logs in. This configuration must be persistant after restart password for ldapuser is “password”

Answer 8

#rpm -qa autofs
#vim /etc/auto.master  
Below /misc add the line
/home/guests /etc/auto.misc

:wq

#vim /etc/auto.misc
Below CD line OR end of the script add the line:
ldapuserX -rw,soft,intr instructor.example.com:/home/guests/ldapuserX

:wq!

#service autofs stop
#service autofs start
#su - ldapuserX
#df -h

Question 9

Kernel Installation update

Install new kernel from UDATE dir on Server. boot the system with the new kernel

Answer 9

#yum install lftp
#lftp 192.168.0.254
~>cd pub
~>cd UPDATE
~>mget *kern*
~> bye
#ls
#rpm -ivh kern[+TAB]
#vi /etc/grub.conf

Check the position of the new kernel if it is 1st position then defaults=0 if it is in 2nd position, the default=1

Question 10

Create a cron job which will run everyday at 1:30 for user harry

Answer 10

crontab -e -u harry

30 1 * * * /bin/ech “hiya”

Question 11

FTP anonymous

Create an ftp server in such a way that anonymous user can login & download from the directory /var/ftp/pub/downloads

Answer 11

#yum install vsftp*
#head -15 /etc/vsftpd/vsftpd.conf

Check anonymous_enable=YES

#tail -5 /etc/vsftpd/vsftpd.conf
check tcp_wrappers=YES

#mkdir -p /var/ftp/pub/downloads
#service vsftpd restart
#chkconfig --level 35 vsftpd on
#ftp 192.168.0.[100+x] check your VM IP

Question 12

HTTPD Page
Host a webpage on your hostname. Download the page to be hosted from (ftp://instructor.example.com/pub/web/station.html).
Do not make any modifications or changes to this file

Answer 12

#yum install http*
#lftp 192.168.0.254
~>cd pub/web
~>mget stat*
~>bye
#ls
#mv station.html /var/www/html/index.html
#service httpd restart
#chkconfig --level 35 httpd on
#restorecon -R /var/www/html
#elinks http://serverX.example.com

Also check with firefox

Question 13

Find

locate all files owned by user susan & copy them to /home/lost+found/

Answer 13

#find / -user susan -exec cp -vp {} /home/lost+found/ \;
#cd /home/lost+found
#ls

Question 14

grep
Search for the text ‘strato’ in the file /usr/share/dict/words & copy this file to a file /root/lines.txt. The new file should not have any blank spaces or lines.
The order of the names in the new file should be same as the order in which it appears in the original file

Answer 14

grep strator /usr/share/dict/words > /root/lines.txt

Question 15

LVM
Create a logical volume wshare from the volume group wgroup
The volume group should have extents of size 8MiB. The logical volume should have 50 extents. Mount this lvm as /mnt/lvm

Answer 15

fdisk /dev/vda (set an lvm partition to 500M

#partx -a /dev/vda
#pvcreate /dev/vda6
#vgcreate -s 8M wgroup /dev/vda6
#vgdisplay wgroup
#lvcreate -l 50 -n wshare wgroup
#lvdisplay /dev/wgroup/wshare
#mkfs.ext4 /dev/wgroup/wshare  

note use the right format based on the question

#mkdir /mnt/lvm
#vi /etc/fstab

/dev/wgroup/wshare /mnt/lvm ext4 defaults 0 0

#mount -a
#df -h
#init 6

Question 16

Set up a default configuration FTP server.

Block ftp connections from hackers.net

Answer 16

# yum install vsftpd
# chkconfig vsftpd on
# service vsftpd start
# vi /etc/sysconfig/iptables-config
IPTABLES_MODULES=”nf_conntrack_ftp nf_nat_ftp”
# iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 20 -j ACCEPT
# iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 21 -j ACCEPT
# service iptables save
# service iptables restart
# vi /etc/hosts.deny
vsftpd: .hackers.net: DENY

Question 17

expire user’s account in one week

Answer 17

# date -d “+1week”
# usermod -e YYYY-MM-DD bob
or # chage -E YYYY-MM-DD bob
# chage -l bob

Question 18

Set up a default configuration webserver. In the index file, place the sentence “This is a test.”.
Make this webserver only accessible to your machine and server1.example.com.

Answer 18

# yum install httpd
# chkconfig httpd on
# service httpd start
echo “This is a test.″ > /var/www/html/index.html
# iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
# service iptables save
# vi /etc/httpd/conf/httpd.conf
Order allow,deny
Allow from 127.0.0.1 server1.example.com
# service httpd reload

Question 19

Add 100MB of swap space to your machine using a logical volume.

Answer 19

# lvcreate –name lv_swap2 –size 100M vg
# mkswap /dev/vg/lv_swap2
# swapon /dev/vg/lv_swap2
# vi /etc/fstab
/dev/vg/lv_swap2 swap swap defaults 0 0

Question 20

Expand the file system on /home to 2GB in size.

Answer 20

lvresize -r -L 2G /dev/vg/lv_home

Question 21

Set up a new 100MB logical volume. Encrypt the volume with LUKS and set it up to automatically decrypt and mount to /crypt at boot.
Use the ext4 filesystem and place an empty file in the root of the encrypted filesystem with a name of “test”.

Answer 21

# lvcreate –name crypt –size 100M vg
# mkdir /crypt
# cryptsetup luksFormat /dev/vg/crypt
# cryptsetup luksOpen /dev/mapper/vg-crypt crypt
# mkfs.ext4 /dev/mapper/crypt
# vi /etc/fstab
/dev/mapper/crypt /crypt ext4 defaults 1 2
# mount -a
# cryptsetup luksAddKey /dev/vg/crypt /etc/keyfile
# chmod 400 /etc/keyfile
# vi /etc/crypttab
crypt /dev/vg/crypt /etc/keyfile
# touch /crypt/test

Question 22

Set up a job to delete all of the regular files in the /home/bob directory on the second day of every month at 8:30 A.M.

Answer 22

# crontab -e
30 08 02 * * /bin/find /home/bob -type f -exec /bin/rm {} \;

Question 23

Install the appropriate kernel update from http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages.
The following conditions must also be met:
– the updated kernel is the default kernel when the system is rebooted.
– the original kernel remains available and bootable on the system.

Answer 23

# uname –r
# wget http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages/kernel*
# rpm –ivh kernel
# vi /etc/grub.conf
Check for default (0 or 1)

Question 24

Set up the automounter, and configure it to read the DVD on the /misc/dvd directory.

Answer 24

# yum install -y autofs
# vi /etc/auto.misc
dvd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
# service autofs start

Question 25

Create a file named dontcopy in the /root directory and make it impossible to back it up with the dump command.

Answer 25

# touch /root/dontcopy
# chattr +d /root/dontcopy

Question 26

Install the vsftpd package.

Copy the TUNING file coming with the package into the /root directory.

Answer 26

# yum install -y vsftpd
# rpm -ql vsftpd | grep TUNING
# cd /usr/share/doc/vsftpd…
# cp TUNING /root

Question 27

install a httpd server. Make it serve files from /www/html.

Write a file called index.html displaying “Hello world!“.

Answer 27

# yum groupinstall -y “Web server”
# yum install -y setroubleshoot-server elinks
# cp -rp /var/www/* /www
# cd /etc/httpd/conf
# sed -e “s:DocumentRoot \”/var/www/html\”:DocumentRoot \”/www/html\”:g” httpd.conf > httpd.conf2
# mv -f httpd.conf2 httpd.conf
# service httpd configtest
# echo Hello world! >/www/html/index.html
# semanage fcontext -a -t httpd_sys_content_t “/www(/.*)?”
# restorecon -r /www
# iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
# service iptables save
# chkconfig httpd on
# service httpd start
# elinks http://localhost

Question 28

Remove all the files from the /etc/yum.repos.d directory.
Set up a repository for the Base packages from (US)University of Oklahoma’s (http://mirror.oss.ou.edu/centos/) or (Germany)ATrpms’s (http://mirror.atrpms.net/centos/) or (China)Beijing Institute of Technology’s (http://mirror.bit.edu.cn/centos/) according to your geographical localization.

Answer 28

# cd /etc/yum.repos.d
# /bin/rm *
# vi local.repo
[base]
name=University of Oklahoma – Base
baseurl=http://mirror.oss.ou.edu/centos/$releasever/os/$basearch/
enabled=1
gpgcheck=0
# yum clean all
# yum repolist all

Question 29

Create a directory called project in /home.
Create two groups called admins and dbas with gid respectively 50001 and 50002.
Put andrew account into the admins group and steven account into the dbas group, each time as a secondary group.
Configure the project directory for group collaboration among members of the admins and dbas groups with no access for all other users.

Answer 29

# mkdir /home/project
# groupadd -g 50001 admins; groupadd -g 50002 dbas
# usermod -aG admins andrew
# usermod -aG dbas steven
# setfacl -m g:admins:rwx /home/project
# setfacl -m g:dbas:rwx /home/project
# setfacl -m o:— /home/project

Question 30

Configure a cron job for the root user to search for files named core in the /usr directory and delete them on every sunday at 11:55pm system time.

Answer 30

# crontab -e
55 23 * * 0 /bin/find /usr -name core -exec /bin/rm {} \;

Question 31

Create a script called cmd in the /root directory that displays “Zero” if no parameter is given, “One” if only one and “Several” if more than one.

Answer 31

# cd /root
# vi cmd
!#/bin/bash
case $# in
0) echo “Zero”;;
1) echo “One”;;
*) echo “Several”;;
esac
# chmod u+x cmd

Question 32

Allow ssh access only from the 192.168.1.0/24 network.

Answer 32

# iptables -I INPUT ! -s 192.168.1.0/24 -m tcp -p tcp –dport 22 -j REJECT
# service iptables save

Question 33

What command to get a synthetic view of the disk organization?

Answer 33

lsblk

Question 34

Write a Bash script called prog.sh in the /root directory that creates 40 files of 2MB each with the fallocate command in the mounted /xfs directory. Each file has got a name as follows: .file_N where N is a number from 1 to 40.

Answer 34

cd /root
vi prog.sh
#!/bin/bash

cd /xfs
N=40
while [ “$N” -gt 0 ]
do
fallocate -l 2M .file_$N
N=`expr $N – 1`
done
——————–
# chmod u+x prog.sh
# ./prog.sh

Question 35

Create a cron job running as root, starting at 11PM every day and writing a report on daily system resource consumption in the /var/log/consumption.log file.

Answer 35

# crontab -e
00 23 * * * /usr/bin/sar -A > /var/log/consumption.log