Решение типовых заданий RHCSA

Сертификация Red Hat Certified System Administrator (RHCSA) – начальная ступень сертификации, которая ориентирована на начинающих пользователей Linux/Unix, требующая, тем не менее, углубленных знаний устройства ОС RedHat. Для получения статуса RHCSA необходимо сдать один экзамен продолжительностью 2-3 часа, состоящий из 15-20 вопросов. По окончании экзамена виртуальная машина перезагружается, после чего на ней запускается скрипт, проверяющий правильность выполнения заданий в автоматическом режиме.

RHEL7

Install the Apache package. Allow it to get documents stored on NFS mounted directories.

$ yum install -y httpd
$ firewall-cmd –permanent –add-service=http
$ firewall-cmd –reload
$ systemctl enable httpd
$ systemctl start httpd
$ getsebool -a | grep nfs | grep httpd
$ setsebool -P httpd_use_nfs on

Extend the existing xfs file system to a total size of 200MB and add a label called myFS.

$ lvextend –size 200M -r /dev/vg/lv_xfs
or $ lvextend –size +100M -r /dev/vg/lv_xfs
$ umount /xfs
$ xfs_admin -L “myFS” /dev/vg/lv_xfs
$ mount /xfs

Assign the same SELinux contexts used by the home directories to the /xfs directory permanently.

$ yum install -y setroubleshoot-server
$ semanage fcontext -a -t user_home_dir_t “/xfs(/.*)?”
$ restorecon -R /xfs

Create two users: john with uid/gid equal to 2000, password 12345678 and davis with uid/gid equal to 3000, password 87654321. Make davis‘ account validity stopping in one month.

$ useradd -u 2000 john
$ passwd john
New password: 12345678
$ useradd -u 3000 davis
$ passwd davis
New password: 87654321
$ date -d “+1month”
$ usermod -e YYYY-MM-DD davis
or $ chage -E YYYY-MM-DD davis
$ chage -l davis

Allow davis (and only davis) to get full access to john‘s home directory.

$ setfacl -R -m u:davis:rwx /home/john

Create a directory named /common. Allow john and davis to share documents in the /common directory using a group called team. Both of them can read, write and remove documents from the other in this directory but any user not member of the group can’t.

$ mkdir /common
$ groupadd -g 50000 team
$ chgrp team /common
$ chmod 2770 /common
$ usermod -aG team john
$ usermod -aG team davis

Create a xfs file system on a new logical volume of 100MB called lv_xfs. Mount it permanently with uuid under /xfs.

$ lvcreate –size 100M –name lv_xfs /dev/vg
$ mkfs.xfs /dev/vg/lv_xfs
$ mkdir /xfs
$ blkid | grep lv_xfs >> /etc/fstab
$ vi /etc/fstab
UUID=… /xfs xfs defaults 1 2
$ mount -a

Write a Bash script called prog.sh in the /root directory that creates 40 files of 2MB each with the fallocate command in the mounted /xfs directory. Each file has got a name as follows: .file_N where N is a number from 1 to 40.

cd /root
vi prog.sh
$!/bin/bash

cd /xfs
N=40
while [ “$N” -gt 0 ]
do
fallocate -l 2M .file_$N
N=`expr $N – 1`
done

ИЛИ

$!/bin/bash

for N in `seq 40`
do
fallocate -l 2M /xfs/.file_$N
done
$ chmod u+x prog.sh
$ ./prog.sh

Create an ext4 file system on a new logical volume of 100MB called lv_ext4. Mount it permanently under the /ext4 directory. Copy the files previously created into this new space.

$ lvcreate –size 100M –name lv_ext4 /dev/vg
$ mkfs.ext4 /dev/vg/lv_ext4
$ mkdir /ext4
$ vi /etc/fstab
/dev/vg/lv_ext4 /ext4 ext4 defaults 1 2
$ cp -p /xfs/.f* /ext4

Configure a virtual console.

$ grubby –update-kernel=ALL –args=”console=ttyS0″

Create a logical volume of 200MB called lv_swap2 and add it permanently to the current swap space.

$ lvcreate –L200M –n lv_swap2 vg00
$ mkswap /dev/vg/lv_swap2
$ swapon /dev/vg/lv_swap2
vi /etc/fstab
/dev/vg00/lv_swap2 swap swap defaults 0 0

Create a cron job running as root, starting at 11PM every day and writing a report on daily system resource consumption in the /var/log/consumption.log file (sysstat package required).

$ crontab -e
00 23 * * * /usr/bin/sar -A > /var/log/consumption.log

Set the default target to boot into X Window level (previously level 5).

$ systemctl set-default graphical.target

Change the hostname to mycentos.example.com

$ hostnamectl set-hostname mycentos.example.com

 

RHEL6

Setup a /home/rhce directory to facilitate collaboration among the rhce group.
Each member should be able to create files and modify each others’ files, but should not be able to delete any one else’s files in this directory.

$ mkdir /home/rhce
$ chown root:rhce /home/rhce
$ chmod 770 /home/rhce
$ chmod +t /home/rhce
$ chmod g+s /home/rhce

Make sure user bob’s account expires after one week.

$ date -d “+1week”
$ usermod -e YYYY-MM-DD bob
or $ chage -E YYYY-MM-DD bob
$ chage -l bob

Set up a default configuration webserver. In the index file, place the sentence “This is a test.”.
Make this webserver only accessible to your machine and server1.example.com.

$ yum install httpd
$ chkconfig httpd on
$ service httpd start
$ echo “This is a test.″ > /var/www/html/index.html
$ iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
$ service iptables save
$ vi /etc/httpd/conf/httpd.conf
 Order allow,deny
 Allow from 127.0.0.1 server1.example.com
$ service httpd reload

Add 100MB of swap space to your machine using a logical volume.

$ lvcreate –name lv_swap2 –size 100M vg
$ mkswap /dev/vg/lv_swap2
$ swapon /dev/vg/lv_swap2
$ vi /etc/fstab
 /dev/vg/lv_swap2 swap swap defaults 0 0 

Create user accounts named tony, mike, and john each with the “redhat” password and belonging to a secondary group called “rhce”.

$ groupadd rhce
$ useradd tony -G rhce; passwd tony
$ useradd mike -G rhce; passwd mike
$ useradd john -G rhce; passwd john

Expand the file system on /home to 2GB in size.

$ lvresize -r -L 2G /dev/vg/lv_home

Set up a default configuration FTP server. Block ftp connections from hackers.net

$ yum install vsftpd
$ chkconfig vsftpd on
$ service vsftpd start
$ vi /etc/sysconfig/iptables-config
 IPTABLES_MODULES=”nf_conntrack_ftp nf_nat_ftp”
$ iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 20 -j ACCEPT
$ iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 21 -j ACCEPT
$ service iptables save
$ service iptables restart
$ vi /etc/hosts.deny
 vsftpd: .hackers.net: DENY

Set up a new 100MB logical volume. Encrypt the volume with LUKS and set it up to automatically decrypt and mount to /crypt at boot. Use the ext4 filesystem and place an empty file in the root of the encrypted filesystem with a name of “test”.

$ lvcreate –name crypt –size 100M vg
$ mkdir /crypt
$ cryptsetup luksFormat /dev/vg/crypt
$ cryptsetup luksOpen /dev/mapper/vg-crypt crypt
$ mkfs.ext4 /dev/mapper/crypt
$ vi /etc/fstab
 /dev/mapper/crypt /crypt ext4 defaults 1 2
$ mount -a
$ cryptsetup luksAddKey /dev/vg/crypt /etc/keyfile
$ chmod 400 /etc/keyfile
$ vi /etc/crypttab
 crypt /dev/vg/crypt /etc/keyfile
$ touch /crypt/test

Create a new user “bob”. Give bob, not in the rhce group, read and write access to /home/rhce.

$ useradd bob
$ passwd bob
$ setfacl -R -m u:bob:rwx /home/rhce

Set up a job to delete all of the regular files in the /home/bob directory on the second day of every month at 8:30 A.M.

$ crontab -e
  30 08 02 * * /bin/find /home/bob -type f -exec /bin/rm {} \;

Install the appropriate kernel update from http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages.
The following conditions must also be met:
– the updated kernel is the default kernel when the system is rebooted.
– the original kernel remains available and bootable on the system.

$ uname –r
$ wget <a href="http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages/kernel*" rel="nofollow">http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages/kernel*</a>
$ rpm –ivh kernel
$ vi /etc/grub.conf
 Check for default (0 or 1)

Set up the automounter, and configure it to read the DVD on the /misc/dvd directory.

$ yum install -y autofs
$ vi /etc/auto.misc
 dvd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
$ service autofs start

Assume you forget the current root password. Reboot your server and put the “redhat” password instead.

$ reboot
 Press ‘a‘ at the first GRUB menu at the console.
 Type ‘single‘ at the end of the line.
$ passwd root
 Type ‘redhat‘.

Create a file named dontcopy in the /root directory and make it impossible to back it up with the dump command.

$ touch /root/dontcopy
$ chattr +d /root/dontcopy

Create a logical volume with the name “lv_vol” using 180PE (Physical Extents).
Mount it on /mnt with filesystem ext4.
Make it permanently loaded by uuid.
Create a file called tempo into the /mnt directory.

$ lvs
$ lvcreate –name lv_vol -l 180 vg
$ mkfs.ext4 /dev/vg/lv_vol
$ blkid | grep lv_vol >> /etc/fstab
$ vi /etc/fstab
 UUID=”…” /mnt ext4 defaults 0 0
$ mount /mnt
$ df
$ touch /mnt/tempo

Create a file called cmd belonging to user and group root in tom‘s directory with the string “/bin/echo Hello!” inside. Configure permissions on it to allow the steven‘s account to read and execute it but not andrew nor tom.

$ cd /home/tom
$ echo ‘/bin/echo Hello!’ > cmd
$ setfacl -m u:steven:r-x cmd
$ setfacl -m u:steven:–x ../tom
$ setfacl -m u:tom:— cmd
$ setfacl -m u:andrew:— cmd

Install the vsftpd package. Copy the TUNING file coming with the package into the /root directory.

$ yum install -y vsftpd
$ rpm -ql vsftpd | grep TUNING
$ cd /usr/share/doc/vsftpd…
$ cp TUNING /root

Install a httpd server. Make it serve files from /www/html. Write a file called index.html displaying “Hello world!“.

$ yum groupinstall -y “Web server”
$ yum install -y setroubleshoot-server elinks
$ cp -rp /var/www/* /www
$ cd /etc/httpd/conf
$ sed -e “s:DocumentRoot \”/var/www/html\”:DocumentRoot \”/www/html\”:g” httpd.conf > httpd.conf2
$ mv -f httpd.conf2 httpd.conf
$ service httpd configtest
$ echo Hello world! >/www/html/index.html
$ semanage fcontext -a -t httpd_sys_content_t “/www(/.*)?”
$ restorecon -r /www
$ iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
$ service iptables save
$ chkconfig httpd on
$ service httpd start
$ elinks <a href="http://localhost" rel="nofollow">http://localhost</a>

Remove all the files from the /etc/yum.repos.d directory. Set up a repository for the Base packages from (US)University of Oklahoma’s (http://mirror.oss.ou.edu/centos/) or (Germany)ATrpms’s (http://mirror.atrpms.net/centos/) or (China)Beijing Institute of Technology’s (http://mirror.bit.edu.cn/centos/) according to your geographical localization.

$ cd /etc/yum.repos.d
$ /bin/rm *
$ vi local.repo
 [base]
 name=University of Oklahoma – Base
 baseurl=http://mirror.oss.ou.edu/centos/$releasever/os/$basearch/
 enabled=1
 gpgcheck=0
$ yum clean all
$ yum repolist all

Reduce the size of the lv_vol logical volume to 100MB.

$ umount /mnt
$ lvreduce –size 100M -r /dev/vg/lv_vol
$ mount /mnt

Create users andrew, tom, and steven with home directories in /home and passwords “redhat“.
Make steven‘s account to expire on May 14, 2015.

$ useradd andrew; passwd andrew
$ useradd tom; passwd tom
$ useradd steven; passwd steven
$ chage -E 2015-05-14 steven; chage -l steven

Create a directory called project in /home. Create two groups called admins and dbas with gid respectively 50001 and 50002. Put andrew account into the admins group and steven account into the dbas group, each time as a secondary group. Configure the project directory for group collaboration among members of the admins and dbas groups with no access for all other users.

$ mkdir /home/project
$ groupadd -g 50001 admins; groupadd -g 50002 dbas
$ usermod -aG admins andrew
$ usermod -aG dbas steven
$ setfacl -m g:admins:rwx /home/project
$ setfacl -m g:dbas:rwx /home/project
$ setfacl -m o:— /home/project

Enable the cron access for root and steven users only.

$ echo steven >/etc/cron.allow

Configure a cron job for the root user to search for files named core in the /usr directory and delete them on every sunday at 11:55pm system time.

$ crontab -e
 55 23 * * 0 /bin/find /usr -name core -exec /bin/rm {} \;

Create a script called cmd in the /root directory that displays “Zero” if no parameter is given, “One” if only one and “Several” if more than one.

$ cd /root
$ vi cmd
 !#/bin/bash
 case $# in
 0) echo “Zero”;;
 1) echo “One”;;
 *) echo “Several”;;
 esac
$ chmod u+x cmd

Allow ssh access only from the 192.168.1.0/24 network.

$ iptables -I INPUT ! -s 192.168.1.0/24 -m tcp -p tcp –dport 22 -j REJECT
$ service iptables save

По материалам CertDepot

Оставьте ответ

Ваш адрес email не будет опубликован.