RHCE Flashcards

1
Q

Check current routes

A

route

2
Q

create a permanent rule to 172.168.1.0 using eth0

A

/etc/sysconfig/network-scripts/route-eth0
172.168.1.0 via 192.168.1.100 dev eth0
restart interface

3
Q

Configure server as NAT

A
/etc/sysctl.conf --> net.ipv4.ip_forward = 1
sysctl -p --> to read changes
iptables:
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-t nat -I POSTROUTING -o eth0 -j MASQUERADE
4
Q

test NAT working from other server

A

make sure testing server uses the other as GW

5
Q

get list of wrappers

A

strings -f /usr/sbin/* | grep hosts_access

6
Q

allow all traffic from example.net, deny rest

A

hosts.allow:
ALL : .example.net (don't forget the initial .)
hosts.deny:
ALL : ALL

7
Q

allow ssh from subnet 192.168.1.0 except 192.168.1.101

A

sshd : 192.168.1.0/255.255.255.0 EXCEPT 192.168.1.101 [or]

sshd : 192.168.1. EXCEPT 192.168.1.101

8
Q

make an RPM that packages iptables.sh

A
install rpmdevtools
create folder package-1.0
compress folder
rpmdev-setuptree
rpmdev-newspec
rpmbuild --b -v SPECS/mytest.spec
9
Q

test RPM package

A

rpm -ivh package

10
Q

configure ISCSI init to 192.168.1.200

A

install iscsi-initiator-utils
iscsiadm -m discoverydb -t st -p host -D
make sure the "iscsi" service is on
partition and mount as usual (fstab options = _netdev 0 0)

11
Q

make iscsi permanent and test after reboot

A

as any other ext4 drive

12
Q

create a report that shows CPU, blah blah usage for the last 5 mins in intervals of 1m

A

sar -u 1 5

13
Q

generate report from a sar log

A

sadf -d /var/log/sa/sa32

14
Q

change sar data capture for 11pm

A

/etc/cron.d/sysstat, then restart the service and make sure it is on

15
Q

configure 101 to send logs to 100

A

100: open ports tcp/udp 514
/etc/rsyslog.conf: uncomment the 4 port entries
101:
/etc/rsyslog.conf: *.* @@blah.100

16
Q

test logger at 101

A

logger -p warn "textto"

17
Q

configure a Vhost www.mysite.com with root folder at /www/mysite/html

A

create folder and setup selinux permissions

create Vhost at httpd.conf

18
Q

test Vhost

A

make sure hosts entry is in

19
Q

create Vhost www.mysite2.com

A

nada

20
Q

create a private directory denied to 101

A

order allow,deny
Allow from all
Deny from 101

21
Q

make dir to prompt for password for user test2

A
add to Directory directive:
AuthType basic
AuthName "private access"
AuthUserFile "whatever/.htpasswd"
Require valid-user
Create password file:
htpasswd -c .htpasswd test2
22
Q

make mysite group folder for webdevs (add test2 to group)

A

chown and then chmod

23
Q

Deploy CGI app at mysite

A
create cgi-bin folder
create pl script:
print "Content-type: text/html\n\n";
print "Hello";
configure permissions for folder and file and selinux
add to Vhost directive:
ScriptAlias /cgi-bin/ /www/mysite/html/cgi-bin/
Options +ExecCGI
AddHandler cgi-script .pl .cgi
24
Q

configure a caching-only name server, allow only 101 to query

A

open tcp/udp 53
/etc/named.conf:
listen-on port localipaddress
allow-query { localhost; ..101; };

25
Q

configure it to forward DNS to 200

A

/named.conf :
forward only;
forwarders { 192.168.1.200; };

26
Q

configure an anonymous-only download ftp

A

/etc/vsftpd/vsftpd.conf:
anonymous_enable=yes
local_enable=no
anon_upload_enable=no

27
Q

create a file in pub and test from 101

A

lftp: wget bye

28
Q

deny ftp access to 101

A

hosts.allow ALL except 101, deny all

29
Q

test ftp from 101 and remove restriction

A

nada

30
Q

create an NFS share /shared belonging to webdevs group

A
nfs-utils should be installed
/etc/sysconfig/nfs:
uncomment the 4 port directives and take note
open ports: udp 111, tcp 2049,111
make sure setype= public_content_t
/etc/exports:
/shared ...101(rw) or *(rw)
31
Q

test it and make permanent

A

exportfs -ra
showmount -e
mount.nfs4 -o rw 101:/shared /mnt
add to fstab

32
Q

remove from fstab and use automount for shared

A
/etc/auto.master:
/mnt /etc/auto.misc
/etc/auto.misc:
test2 -rw,soft,intr 101:/shared
restart autofs
33
Q

share home-dir in Samba

A

install samba
open ports udp:137,138 tcp:139,445
enable sebool
create samba user: smbpasswd -a user

34
Q

create /share2 for test2 and test it. prevent access from putonazo.
(use testparm to check syntax)

A
/etc/samba/smb.conf:
[share2]
valid users = test2
invalid users = putonazo
write list = test2
path = /share2
writeable = yes
create mask = 0775
35
Q

create webshare for webdevs

A
[webshare]
browseable = yes
path = /webshare
force group = +webdevs
valid users = @webdevs
write list = @webdevs
create mask = 0770
directory mask = 2770
36
Q

test access from 101 and test2, make permanent

A

smbclient -L ….100 -U test2
mkdir -p /webshare
mount.cifs -o rw,username=blah,password=blah //…100/webshare

37
Q

prevent access to share2 from 200 and user test2 read only

A

[webshare]
hosts deny = …200
read list = test2

38
Q

test and change to allow only 192.168.1.0 network

A

hosts allow = 192.168.1.

39
Q

configure postfix and deny user user@gmail.com and reject network 172.168.1.0 and accept from …101

A
open port 25
/etc/postfix/access:
user@gmail.com REJECT
172.168.1 REJECT
192.168.1.101 OK
postmap access
40
Q

redirect root emails to test2

A

/etc/aliases: root test2

newaliases

41
Q

configure to accept email from …101

A

/etc/postfix/main.cf:
inet_interfaces = all
$myhostname, $mydomain, $myorigin

42
Q

test it from 101

A

telnet …100 25

43
Q

configure it to relay through 200

A

main.cf:

relayhost = …200

44
Q

Allow user hades sshd access from 101 but not from 200 and deny devgroup

A

sshd_config:
AllowUsers hades @…101
DenyUsers @…200
DenyGroups devgroup

45
Q

allow ssh connection of user hades between 100 and 101 with key

A

su - hades on both
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub otherip

46
Q

test it

A

nada

47
Q

configure as NTP server

A

open port udp 123
remove from config:
nopeer noquery

48
Q

configure 101 to use 100 as ntp server

A

/etc/ntp.conf:

server my-ntp-server iburst