RHEL Installation & Firewall

Question 1

What is the program for installing RHEL?

Answer 1

anaconda

Question 2

How do you generate the kickstart file

Answer 2

1) Use the form at access.redhat.com/labs/kickstartconfig
2) Install a RHEL and collect the anaconda-ks.cfg file in root home

Question 3

How do you validate an anaconda file

Answer 3

ksvalidator filename.cfg

Question 4

Install ksvalidator

Answer 4

dnf install pykickstart

Question 5

How do you install virtualization on RHEL?

Answer 5

dnf group install “Virtualization Host”

Question 6

How do you install cockit?

Answer 6

dnf install -y cockpit-machines

systemctl enable --now cockpit

Question 7

What is the firewall solution on rhel 9?

Answer 7

firewalld

Question 8

Determine default firewalld zone

Answer 8

firewall-cmd --get-default-zone

Question 9

Display config of the current active zone

Answer 9

firewalld-cmd --list-all

Question 10

Add http service to current zone

Answer 10

firewall-cmd –add-service http

Question 11

Where are the standard stock zone files stored?

Answer 11

/usr/lib/firewalld/zones

Question 12

Add http service to current zone permanently

Answer 12

firewall-cmd –add-service http –permanent

Question 13

Write all the rules that are in memory to permanent

Answer 13

firewall-cmd --runtime-to-permanent

Question 14

Display config of the firewall zone called block

Answer 14

firewall-cmd --list-all --zone block

Question 15

Add a source to a zone

Answer 15

firewall-cmd --add-source  172.160.10.30 --zone block --permanent

Question 16

if a packet does not have a match for a zone, how is it handled?

Answer 16

It is handled by the default zone

Question 17

What are elements of a zone

Answer 17

target
interfaces
ports
sources
forward
protocols
source-ports
services
rich rules
forward ports

Question 18

How do I cause firewalld to consider a new service i just created

Answer 18

firewall-cmd --reload

Question 19

remove a service from the current zone

Answer 19

firewall-cmd –remove-service http –permanent

Question 20

Find out which interfaces and ports are associated with sshd process

Answer 20

netstat -plnt | grep sshd

Question 21

You changed sshd to use port 23 but it doesn’t work. why?

Answer 21

it does not have the appropriate selinux context.

Question 22

Find the port section of the sshd daemon in selinux db?

Answer 22

semalance port -l | grep ssh

Question 23

ssh is mapped to port 22, telnet is mapped to port 23. how do you get ssh to use port 23?

Answer 23

you do a port context modification so that ssh uses port 23 instead of port 22

Question 24

Change ssh port context to use port 23 instead of port 22

Answer 24

semanage port -m -t ssh_port_t -p tcp 23

Question 25

You want to run apache on port 82. what do you do?

Answer 25

1) Change config to use port 82
2) Start the server
3) Check status: systemctl status httpd
4) Notice error: could not bind bind to address 0.0.0.0:82
5) Check logs: sealert -a /var/log/audit/audit.log
6) Execute recommendation:
semanage port -a -t http_port_t -p tcp 82
7) firewall-cmd –add-port 82/tcp –permanent

Question 26

Find example of config in semanage db that uses http protocol

Answer 26

semanage port -l | grep http

Question 27

Open port 82 for apache in firewalld

Answer 27

firewall-cmd --add-port 82/tcp --permanent

Question 28

Where do you get RHEL binaries from

Answer 28

access.redhat.com

Question 29

What is a kickstart file

Answer 29

a file that allows anakonda to install rhel in a non-interactive way

Question 30

How do you secure the grub?

Answer 30

in kickstart file, supply a GRUB password

Question 31

After installation, where can i find the configuration that was used to install rhel?

Answer 31

/root/anakonda-ks.cfg

Question 32

How do you manage your vms on rhel

Answer 32

use virt cmd line tool or the web console

Question 33

How do you validate that you have all the prerequisites to run vms

Answer 33

virt-host-validate

Question 34

Provision a virtual machine

Answer 34

virt-install

Question 35

netfilter

Answer 35

framework for network traffic operations such as packet filtering, network address translation, and port translation

Question 36

nftables

Answer 36

1) replacement for iptables
2) packet classification framework
3) uses netfilter for rules enforcement

Question 37

Advantages of nftables

Answer 37

1) Usability
2) Efficient rule set
3) iptables required a rule for each protocol, but nftables rules can apply to both IPv4 and IPv6 simultaneously
4) iptables required using different tools, such as iptables, ip6tables, arptables, and ebtables, for each protocol

Question 38

Firewalld mapping process

Answer 38

source IP -> network Interface -> default zone

Question 39

runtime vs permanent vs reload

Answer 39

1) if you run a cmd with –runtime, you must run –permanent later
2) if you run it with –permanent, you must run –reload