system-config-* X system config scripts Fix MBR: find /grub/grub.conf root !d"#"$ setup !d"$ RHCSA/RHCE Exam Objectives (as of 30/03/0!!" #nde$stand and #se Essentia% &oo%s Access a s'e%% ($om(t and issue commands )it' co$$ect syntax %se /bin/s! -or- /bin/b&s! #se in(ut*out(ut $edi$ection (+, ++, -, +, etc." stdout to fi'e ($ stderr to fi'e )($ &ppend to fi'e (($ stderr to stdout )(*+$ ex. iptables -L -n -v -x >> /tmp/ipt.out 2>&1 redirect stdin and stdout to /tmp/ipt.out #se /$e( and $e/u%a$ ex($essions to ana%y0e text grep expr -or- egrep expr o ex. tail -f /var/log/messages | egrep !ernel|error"# onl$ s%o& lines containing !ernel or error strings o ex. cat /etc/%ttpd/conf/%ttpd.conf | grep -v '(# omit lines starting &it% ( c%aracter Access $emote systems usin/ ss' and 12C ,,-: o ss! user.!ost /0C: o 1nc1ie2er !ost:disp'&y o 1nc1ie2er !ost::port 3o/ in and s)itc' use$s in mu%ti*use$ $un%eve%s su 3 user A$c'ive, com($ess, un(ac4 and uncom($ess fi%es usin/ ta$, sta$, /0i(, and b0i( Compress: o t&r cf4 &rc!i1e.t&r.g4 infi'e+ infi'e) o ex. tar cf) /tmp/%ttpd*conf.tar.g) /etc/%ttpd %ncompress: o t&r xf4 &rc!i1e.t&r.g4 5!e rest of t!e comm&nds &re simi'&r. %se 3!e'p &nd re&d t!eir m&n p&ge C$eate and edit text fi%es 1im fi'e -or- n&no fi'e C$eate, de%ete, co(y and move fi%es and di$ecto$ies Cre&te/touc!: touc! fi'e o ex. touc% /tmp/i*&as*%ere Mo1e/ren&me: m1 srcfi'e dstfi'e o ex. mv /%ome/+o%n/%ttpd.conf /etc/%ttpd/conf/%ttpd.conf Remo1e: rm fi'e o ex. rm /%ome/+o%n/%ttpd.conf.old Copy: cp srcfi'e dstfi'e o ex. cp %ttpd.conf %ttpd.conf.bac!up C$eate 'a$d and soft %in4s ,oft 'in6: 'n -s srcfi'e dst'in6 o ex. ln -s /mnt/data/docs /%ome/+o%n/,es!top/documents soft lin! from /mnt/data/docs to ,es!top -&rd 'in6: 'n srcfi'e dst'in6 3ist, set and c'an/e standa$d u/o/$)x (e$missions List: 's -' C!&nge: c!mod mode fi'e o ex. o c%mod u-r&x.g-rx.o-rx m$script.s% o c%mod /00 m$script.s% o /00 is e1uivalent to u-r&x.g-rx.o-rx" 3ocate, $ead and use system documentation inc%udin/ man, info, and fi%es in /us$/s'a$e/doc &propos 6ey2ord 2!&tis 6ey2ord m&n -6 6ey2ord m&n comm&nd info comm&nd fgrep -Ri 6ey2ord /usr/s!&re/doc/p&c6&ge Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidates abilities to meet this objective. O(e$ate Runnin/ Systems 5oot, $eboot, and s'ut do)n a system no$ma%%y reboot s!utdo2n -! no2 5oot systems into diffe$ent $un%eve%s manua%%y &ppend + up to 7 to 6erne' boot options press e in grub menu to edit & 'ine$ #se sin/%e*use$ mode to /ain access to a system &ppend + to 6erne' boot options press e in grub menu to edit & 'ine$ 6dentify C7#/memo$y intensive ($ocesses, adjust ($ocess ($io$ity )it' $enice, and 4i%% ($ocesses Identify: top use s!ift-f to se'ect sort co'umn$ 8d9ust priority: renice -)":":)" pid ;i'': 6i'' -< pid -or- 6i''&'' -< n&me -or- p6i'' -f expr 3ocate and inte$($et system %o/ fi%es Loo6 for 'ogs in /1&r/'og/. /va$/%o//messa/es fi%e is an im(o$tant system %o/8 Access a vi$tua% mac'ine9s conso%e 1irt-m&n&ger =R 1irt-1ie2er =R: +. 1irs! 1ncdisp'&y dom&in ). 1nc1ie2er 'oc&'!ost:disp'&y Sta$t and sto( vi$tua% mac'ines 1irt-m&n&ger =R: +. 1irs! st&rt dom&in ). 1irs! s!utdo2n dom&in Sta$t, sto( and c'ec4 t'e status of net)o$4 se$vices ser1ice ser1ice>n&me stop ser1ice ser1ice>n&me st&rt ser1ice ser1ice>n&me st&tus ex. service %ttpd stop 2 stop %ttp server Confi/u$e 3oca% Sto$a/e 3ist, c$eate, de%ete and set (a$tition ty(e fo$ ($ima$y, extended, and %o/ica% (a$titions List: fdis6 -' Modify: cfdis6 de1ice -or- fdis6 de1ice -or- p&rted C$eate and $emove ('ysica% vo%umes, assi/n ('ysica% vo%umes to vo%ume /$ou(s, c$eate and de%ete %o/ica% vo%umes ?!ysic&' 1o'umes: o p1cre&te 3!e'p o p1remo1e 3!e'p /o'ume groups: o 1gcre&te 3!e'p o 1gremo1e 3!e'p Logic&' 1o'umes: o '1cre&te 3!e'p o '1remo1e 3!e'p C$eate and confi/u$e 3#:S*enc$y(ted (a$titions and %o/ica% vo%umes to ($om(t fo$ (ass)o$d and mount a dec$y(ted fi%e system at boot +. cryptsetup 'u6sForm&t de1ice ). cryptsetup 'u6s=pen de1ice m&ppern&me @. m6fs.fs m&ppern&me A. edit /etc/cryptt&b: m&ppern&me de1ice none +. /etc/cryptt&b: use %%IB or L8BCL for de1ice$ 7. edit /etc/fst&b: /de1/m&pper/m&ppern&me /mpoint D$ Confi/u$e systems to mount fi%e systems at boot by #nive$sa%%y #ni;ue 6< (##6<" o$ %abe% Find & de1iceEs %%IB or L8BCL: o b'6id de1ice o =R 's -' /de1/dis6/by-* : grep de1ice Cdit /etc/fst&b: o use L8BCLF'&be' or %%IBFuuid to specify t!e de1ice Add ne) (a$titions, %o/ica% vo%umes and s)a( to a system non*dest$uctive%y Cre&te & p&rtition: o cfdis6 de1ice -or- fdis6 de1ice -or- p&rted Cre&te & 'ogic&' 1o'ume: o '1cre&te 3!e'p 8dd s2&p: +. m6s2&p de1ice ). s2&pon de1ice C$eate and Confi/u$e =i%e Systems C$eate, mount, unmount and use ext, ext3 and ext> fi%e systems Cre&te: m6fs.extfs Mount: mount de1ice /mpoint %nmount: umount de1ice ?ount, unmount and use 3#:S*enc$y(ted fi%e systems +. cryptsetup 'u6s=pen de1ice m&ppern&me ). mount /de1/m&pper/m&ppern&me /mpoint @. umount /de1/m&pper/m&ppern&me A. cryptsetup 'u6sC'ose m&ppern&me ?ount and unmount C6=S and 2=S net)o$4 fi%e systems Mount: o 0F,: mount -t nfs !ost:/s!&re /mpoint o CIF,: mount -t cifs -o Gusern&meF#p&ss2ordFH //!ost/s!&re /mpoint %nmount: umount /mpoint Confi/u$e systems to mount ext>, 3#:S*enc$y(ted and net)o$4 fi%e systems automatica%%y Configure /etc/&uto.*: o nfs: mpoint -r2#intr !ost:/remote/mpoint o de1ice: mpoint -fstypeFfstype :de1ice Extend existin/ unenc$y(ted ext>*fo$matted %o/ica% vo%umes '1resi4e 3!e'p -or- '1extend 3!e'p o ex. lvresi)e -L314 lv add 14 to lv C$eate and confi/u$e set*G6< di$ecto$ies fo$ co%%abo$ation +. c!mod gIs dir ). cre&te group s!&red>grp @. c!grp s!&red>grp dir A. 8dd users to s!&red>grp C$eate and mana/e Access Cont$o% 3ists (AC3s" /ie2 &c': getf&c' fi'e Modify: setf&c' -m mode fi'e o ex. setfacl -m u5+o%n5r& /%ome/anna/prv*file Remo1e: setf&c' -x mode fi'e <ia/nose and co$$ect fi%e (e$mission ($ob%ems Bi&gnose: o 's -'&J o getf&c' fi'e o c!ec6 /1&r/'og/&udit/&udit.'og for se'inux errors Fix: o c!mod mode fi'e o setf&c' -m mode fi'e <e(%oy, Confi/u$e and ?aintain Systems Confi/u$e net)o$4in/ and 'ostname $eso%ution statica%%y o$ dynamica%%y Cre&te st&tic !ostn&mes: /etc/!osts Configure dns ser1ers: /etc/reso'1.conf M&n&ge reso'ution order: /etc/nss2itc!.conf Sc'edu%e tas4s usin/ c$on cront&b -e =R edit /etc/cron.*/fi'e: o ex. vim /etc/cron.dail$/m$cron Confi/u$e systems to boot into a s(ecific $un%eve% automatica%%y Cdit /etc/initt&b &nd modify initdef&u't 2it! 1&'ues from +..7 6nsta%% Red Hat Ente$($ise 3inux automatica%%y usin/ :ic4sta$t %se 6erne' boot options: o 'inux 6sFftp/!ttp://!ost/6s.cfg o 'inux 6sFnfs:!ost:/6s.cfg o 'inux 6sFcdrom:/de1/dir/6s.cfg o 'inux 6sF!d:/de1/dir/6s.cfg o 'inux 6sFfi'e:/de1/dir/6s.cfg Confi/u$e a ('ysica% mac'ine to 'ost vi$tua% /uests %se 1irt-m&n&ger 6nsta%% Red Hat Ente$($ise 3inux systems as vi$tua% /uests %se 1irt-m&n&ger Confi/u$e systems to %aunc' vi$tua% mac'ines at boot %se 1irt-m&n&ger -or- 1irs! &utost&rt dom&in Confi/u$e net)o$4 se$vices to sta$t automatica%%y at boot Configure: c!6config ser1ice on -or- ntsys1 /ie2 st&rtup ser1ices: c!6config 3'ist Confi/u$e a system to $un a defau%t confi/u$ation H&&7 se$ve$ +. yum inst&'' !ttpd ). ser1ice !ttpd st&rt @. c!6config !ttpd on A. upd&te /etc/sysconfig/ipt&b'es open port tcp K"$ Confi/u$e a system to $un a defau%t confi/u$ation =&7 se$ve$ +. yum inst&'' 1sftpd ). ser1ice 1sftpd st&rt @. c!6config 1sftpd on A. upd&te /etc/sysconfig/ipt&b'es open port tcp )+$ 6nsta%% and u(date soft)a$e (ac4a/es f$om Red Hat 2et)o$4, a $emote $e(osito$y, o$ f$om t'e %oca% fi%esystem yum se&rc! n&me yum inst&'' p&c6&ge yum upd&te p&c6&ge #(date t'e 4e$ne% (ac4a/e a(($o($iate%y to ensu$e a bootab%e system rpm -i1! ne2>6erne'.rpm =R yum inst&'' 6erne' ?odify t'e system boot%oade$ Cdit /boot/grub/grub.conf ?ana/e #se$s and G$ou(s C$eate, de%ete, and modify %oca% use$ accounts 8dd: user&dd Be'ete: userde' Modify: usermod /ie2 /etc/p&ss2d C'an/e (ass)o$ds and adjust (ass)o$d a/in/ fo$ %oca% use$ accounts C!&nge p&ss2ord: p&ss2d user C!&nge &ging: c!&ge -C LLLL-MM-BB user C$eate, de%ete and modify %oca% /$ou(s and /$ou( membe$s'i(s 8dd: group&dd Be'ete: groupde' Modify: groupmod Members!ips: edit /etc/group Confi/u$e a system to use an existin/ 3<A7 di$ecto$y se$vice fo$ use$ and /$ou( info$mation %se system*confi/*aut'entication ?ana/e Secu$ity Confi/u$e fi$e)a%% settin/s usin/ system*confi/*fi$e)a%% o$ i(tab%es Insert: ipt&b'es -t 58BLC -I C-8I0 D 8ppend: ipt&b'es -t 58BLC -8 C-8I0 D Be'ete: ipt&b'es -t 58BLC -B C-8I0 D F'us! t&b'e: ipt&b'es -t 58BLC -F ,&1e persistent c!&nges to /etc/sysconfig/ipt&b'es Set enfo$cin/ and (e$missive modes fo$ SE3inux ?ersistent c!&nge: o /etc/se'inux/config: ,CLI0%XFenforcing:permissi1eCurrent session: 0on persistent c!&nge: o setenforce +:":enforcing:permissi1e 1ie) SE3inux status: sest&tus 3ist and identify SE3inux fi%e and ($ocess context 's -'J ps -efJ Resto$e defau%t fi%e contexts restorecon -R fi'e #se boo%ean settin/s to modify system SE3inux settin/s /ie2 boo'e&ns: o getseboo' -& : grep 6ey2ord o =R sem&n&ge boo'e&n -' : grep 6ey2ord C!&nge boo'e&ns: o setseboo' -? boo'e&n on:off <ia/nose and add$ess $outine SE3inux 7o%icy vio%ations Bi&gnose: o /1&r/'og/&udit/&udit.'og o /1&r/'og/mess&ges o 1ie2 ser1ice 'ogs o se&'ert Fix: o &udit)&''o2 o setseboo' -? boo'e&n on:off RHCE: System Confi/u$ation and ?ana/ement Route 67 t$affic and c$eate static $outes route &dd -net +<).+MK.@." netm&s6 )77.)77.)77." g2 +<).+MK.+.)7A route &dd -!ost +<).+MK.@.@ netm&s6 )77.)77.)77." de1 tun" For persistent c!&nges edit /etc/sysconfig/net2or6-scripts/route-device. o 6xamples5 172.189.:.;/200.200.200.; via 172.189.1.20< 172.189.:.: dev tun; #se i(tab%es to im(%ement (ac4et fi%te$in/ and confi/u$e net)o$4 add$ess t$ans%ation (2A&" Fi'ter: o ipt&b'es -t fi'ter : -8 : -B : I0?%5 : =%5?%5 D -9 : 8CCC?5 o ex. iptables -= =>?@A -s 172.189.1;1.: -p tcp 2dport 22 -+ BCC6?A 3 8''o2 incoming tcp tr&ffic on port )) ss!$ from +<).+MK.+"+.@ 0&t: o ipt&b'es -t n&t : -8 : -B D -9 : B085 : M8,N%CR8BC o ex. iptables -t nat -= ?D6DE@A=>4 -p tcp 2dport 99;; -+ ,>BA 2to 172.189.1;1.:59; 3 For2&rd incoming tcp tr&ffic on port KK"" to +<).+MK.+"+.@:K" #se /($oc/sys and sysct% to modify and set 4e$ne% $un*time (a$amete$s +. List: sysct' -& : grep 6ey ). Configure /etc/sysct'.conf @. 8pp'y configur&tion: sysct' -p Confi/u$e system to aut'enticate usin/ :e$be$os system-config-&ut!entic&tion 5ui%d a sim(%e R7? t'at (ac4a/es a sin/%e fi%e +. rpmde1-setuptree ). cd O/rpmbui'd @. rpmde1-ne2spec ,?CC/!e''o.spec A. edit ,?CC/!e''o.spec 7. rpmbui'd -b& ,?CC/!e''o.spec Confi/u$e a system as an iSCS6 initiato$ t'at (e$sistent%y mounts an iSCS6 ta$/et Find t&rgets: o iscsi&dm -m disco1ery -t sendt&rgets -p !ost Login to t&rget: o iscsi&dm -m node 3t&rgetn&me iPn.)""+-"7.com.doe:test -p !ost:port 3'ogin 7$oduce and de%ive$ $e(o$ts on system uti%i0ation (($ocesso$, memo$y, dis4, and net)o$4" Report: s&r -8 B&t& p&t!: /1&r/'og/s& s&r -f s&BB$ ,c!edu'e definition: /etc/cron.d/sysst&t #se s'e%% sc$i(tin/ to automate system maintenance tas4s 0/8 Confi/u$e a system to %o/ to a $emote system 5C? o /etc/rsys'og: *.* ..!ost:port %B? o /etc/rsys'og: *.* .!ost:port Confi/u$e a system to acce(t %o//in/ f$om a $emote system 8cti1&te 5C? ser1er in /etc/rsys'og: o FGodLoad imtcp.so F=nputAC?HerverDun 01< 8cti1&te %B? ser1er in /etc/rsys'og: o FGodLoad imudp.so F=nput@,?HerverDun 01< 2et)o$4 Se$vices 2et)o$4 se$vices a$e an im(o$tant subset of t'e exam objectives. RHCE candidates s'ou%d be ca(ab%e of meetin/ t'e fo%%o)in/ objectives fo$ eac' of t'e net)o$4 se$vices %isted be%o): Inst&'' t!e p&c6&ges needed to pro1ide t!e ser1ice Configure ,CLinux to support t!e ser1ice Configure t!e ser1ice to st&rt 2!en t!e system is booted Configure t!e ser1ice for b&sic oper&tion Configure !ost-b&sed &nd user-b&sed security for t!e ser1ice R-CC c&ndid&tes s!ou'd &'so be c&p&b'e of meeting t!e fo''o2ing ob9ecti1es &ssoci&ted 2it! specific ser1ices: H&&7/H&&7S Confi/u$e a vi$tua% 'ost /etc/!ttpd/conf/!ttpd.conf: o >ameIirtualJost K59; LIirtualJost K59;> Herver>ame docs.example.com ,ocumentDoot /pat% L/IirtualJost> Confi/u$e ($ivate di$ecto$ies Configure /etc/!ttpd/conf/!ttpd.conf: o But%A$pe basic But%>ame Mprivate r%el1N But%@serOile /&&&/.r%el1*priv*user De1uire valid-user Erder den$.allo& ,en$ from all Cre&te user/p&ss2ord fi'e: o %tpass&d -c /&&&/.r%el1*priv*user user <e(%oy a basic CG6 a((%ication /etc/!ttpd/conf/!ttpd.conf: o ,irector$ Eptions 36xecC4= BddJandler cgi-script .pl .cgi cgi-bin/!e''o.p': o print MContent-t$pe5 text/%tmlPnPnQR print M%elloSQR Confi/u$e /$ou(*mana/ed content +. group&dd 2ebdesigners ). &dd users to 2ebdesigners @. m6dir /222/site+ A. c!grp &p&c!e.2ebdesigners /222/site+ 7. c!mod QQ7 /222/site+ M. c!mod gIs /222/site+ 6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice yum inst&'' !ttpd Confi/u$e SE3inux to su((o$t t'e se$vice %se t!e &ppropri&te ,CLinux boo'e&ns o getseboo' -& : grep !ttpd %se !ttpd>sys>content>t fi'e context for content Confi/u$e t'e se$vice to sta$t )'en t'e system is booted c!6config !ttpd on Confi/u$e t'e se$vice fo$ basic o(e$ation +. Inst&'' ser1ice ). Configure t!e ser1ice to st&rt 2!en t!e system is booted @. Configure ,CLinux support A. %pd&te /etc/sysconfig/ipt&b'es: o open tcp port K" AConfi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice -ost o use ipt&b'es o /etc/!ttpd/conf/!ttpd.conf: Bllo& from good*ip ,en$ from all Erder den$.allo& %ser o /etc/!ttpd/conf/!ttpd.conf: @se But%A$pe Tasic <2S Confi/u$e a cac'in/*on%y name se$ve$ n&med.conf: o allo&-1uer$ U good*ipsR VR recursion $esR Confi/u$e a cac'in/*on%y name se$ve$ to fo$)a$d <2S ;ue$ies n&med.conf: o allo&-1uer$ U good*ipsR VR for&ard onl$R for&arders U for&arder*ipR VR recursion $esR 2ote: Candidates a$e not ex(ected to confi/u$e maste$ o$ s%ave name se$ve$s 6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice yum inst&'' bind Confi/u$e SE3inux to su((o$t t'e se$vice getseboo' -& : grep n&med Confi/u$e t'e se$vice to sta$t )'en t'e system is booted c!6config n&med on Confi/u$e t'e se$vice fo$ basic o(e$ation +. Inst&'' ser1ice ). GConfigure & c&c!ing-on'y n&me ser1erH @. Configure t!e ser1ice to st&rt 2!en t!e system is booted A. Configure ,CLinux support 7. %pd&te /etc/sysconfig/ipt&b'es: o open tcp &nd udp port 7@ Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice -ost o =pen tcp &nd udp port 7@ 2it! ipt&b'es %ser o 0/8 =&7 Confi/u$e anonymous*on%y do)n%oad 1sftpd.conf: o anon$mous*enable-W6H anon*upload*enable->E local*enable->E 6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice yum inst&'' 1sftpd Confi/u$e SE3inux to su((o$t t'e se$vice getseboo' -& : grep ftpd %se pub'ic>content>t fi'e context for content Confi/u$e t'e se$vice to sta$t )'en t'e system is booted c!6config 1sftpd on Confi/u$e t'e se$vice fo$ basic o(e$ation +. Inst&'' ser1ice ). GConfigure &nonymous-on'y do2n'o&dH @. Configure t!e ser1ice to st&rt 2!en t!e system is booted A. Configure ,CLinux support 7. %pd&te /etc/sysconfig/ipt&b'es: o open tcp port )+ Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice -ost o %se ipt&b'es %ser o 1sftpd.conf: local*enable-W6H 2=S 7$ovide net)o$4 s'a$es to s(ecific c%ients /etc/exports: o /mpoint %ostro" %ost2r&" 172.189.2.;/2<ro" allo& read/&rite access to %ost2. read-onl$ to %ost and 172.189.2.;/2< 7$ovide net)o$4 s'a$es suitab%e fo$ /$ou( co%%abo$ation +. Cre&te & s!®roup ). 8dd users to s!®roup @. Cre&te s!&red directory &nd set gid on it. 6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice yum inst&'' nfs-uti's Confi/u$e SE3inux to su((o$t t'e se$vice getseboo' -& : grep nfs Confi/u$e t'e se$vice to sta$t )'en t'e system is booted c!6config nfs on Confi/u$e t'e se$vice fo$ basic o(e$ation +. Inst&'' ser1ice ). G?ro1ide net2or6 s!&res to specific c'ientsH @. Configure t!e ser1ice to st&rt 2!en t!e system is booted A. Configure ,CLinux support 5. Configure st&tic loc!d. statd. mountd. r1uotad ports in /etc/sysconfig/nfs M. %pd&te /etc/sysconfig/ipt&b'es: o open t!ose ports Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice -ost: o Befine !ost permissions in /etc/exports %ser: o %se fi'esystem permissions S?5 7$ovide net)o$4 s'a$es to s(ecific c%ients In smb.conf cre&te & section 'i6e: o Xs%areY valid users - username &rite list - username pat% - /s%are create mas! - ;/00 7$ovide net)o$4 s'a$es suitab%e fo$ /$ou( co%%abo$ation +. &dd group 2or6ers group&dd n&meR net rpc group &dd n&me$ ). &dd users to group user&dd n&meR net rpc user &dd usern&me$ @. In smb.conf cre&te & section 'i6e: o Xs%aredY pat% - /s%ared force group - 3&or!ers valid users - Z&or!ers vie&er &rite list - Z&or!ers 6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice yum inst&'' s&mb& Confi/u$e SE3inux to su((o$t t'e se$vice getseboo' -& : grep s&mb& Confi/u$e t'e se$vice to sta$t )'en t'e system is booted c!6config smb st&rt Confi/u$e t'e se$vice fo$ basic o(e$ation +. Inst&'' ser1ice ). Cre&te & s!&re @. Configure t!e ser1ice to st&rt 2!en t!e system is booted A. Configure ,CLinux support 7. %pd&te /etc/sysconfig/ipt&b'es: o open tcp ports +@< &nd AA7 Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice %ser o Configure users permissions in smb.conf -ost o %se ipt&b'es o smb.conf c&n &'so be used 2it! G!osts &''o2H/H!osts denyH property S?&7 Confi/u$e a mai% t$ansfe$ a/ent (?&A" to acce(t inbound emai% f$om ot'e$ systems Configure /etc/postfix/m&in.cf: o Configure m$%ostname. m$domain. m$origin. m$net&or!s. m$destinations1&ri&b'es o ,et inet*interfaces - all Confi/u$e an ?&A to fo$)a$d ($e%ay" emai% t'$ou/' a sma$t 'ost Configure /etc/postfix/m&in.cf: o rela$%ost - %ost 6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice yum inst&'' postfix Confi/u$e SE3inux to su((o$t t'e se$vice getseboo' -& : grep postfix Confi/u$e t'e se$vice to sta$t )'en t'e system is booted c!6config postfix on Confi/u$e t'e se$vice fo$ basic o(e$ation +. Inst&'' ser1ice ). Configure t!e ser1ice to st&rt 2!en t!e system is booted @. Configure ,CLinux support A. %pd&te /etc/sysconfig/ipt&b'es: o open tcp ports )7 Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice %ser: o /etc/postfix/m&in.cf: smtpd>s&s'>&ut!>en&b'e F yes smtpd>s&s'>security>options F no&nonymous bro6en>s&s'>&ut!>c'ients F yes smtpd>recipient>restrictions F permit>s&s'>&ut!entic&ted# permit>mynet2or6s# re9ect>un&ut!>destin&tion ser1ice s&s'&ut!d st&rt o ser1ice s&s'&ut!d st&rt o c!6config s&s'&ut!d on -ost: o %se ipt&b'es SSH Confi/u$e 4ey*based aut'entication Configure /etc/ss!/ss!d>config: o ?ub!e$But%entication $es 5est: o ss%-cop$-id userZ%ost ss% userZ%ost Confi/u$e additiona% o(tions desc$ibed in documentation 0/8 6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice yum inst&'' openss!-ser1er Confi/u$e SE3inux to su((o$t t'e se$vice getseboo' -& : grep ss! Confi/u$e t'e se$vice to sta$t )'en t'e system is booted c!6config ss! on Confi/u$e t'e se$vice fo$ basic o(e$ation +. Inst&'' ser1ice ). Configure t!e ser1ice to st&rt 2!en t!e system is booted @. Configure ,CLinux support A. %pd&te /etc/sysconfig/ipt&b'es: o open tcp ports )) Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice %ser: o ss!d>config: Bllo&@sers userZ%ost o ED disable s%ell access for a user if needed -ost: o %se ipt&b'es 2&7 Sync'$oni0e time usin/ ot'e$ 2&7 (ee$s 5est: o ntpd&te -P +)@.+)@.7M.+)@ Configure ntp.conf: o server 12:.12:.08.12: XiburstY 6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice yum inst&'' ntp Confi/u$e SE3inux to su((o$t t'e se$vice 0/8 Confi/u$e t'e se$vice to sta$t )'en t'e system is booted c!6config ntpd on Confi/u$e t'e se$vice fo$ basic o(e$ation +. Inst&'' ser1ice ). Configure t!e ser1ice to st&rt 2!en t!e system is booted 3. =f >A? is configured as a server" %pd&te /etc/sysconfig/ipt&b'es: o open udp port +)@ Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice -ost: o =f >A? is configured as a server" %se ipt&b'es %ser: o 0/8