
Do the three steps below on both virtual machines

**************************************************************
#systemctl mask iptables.service
##systemctl mask ip6tables.service
##systemctl mask ebtables.service
#--------------------------------------------------------------------------------------------------------------------1) Configure selinux on both vm's
#**************************************************************
##cat /etc/sysconfig/selinux
#
SELINUX=enforcing
#
---------------------------------------------------------------------------------------------------------------------------2) Configure repository on both vm's
#**************************************************************
#cd /etc/yum.repos.d
#rm -rf *
#cat file.repo
[rhel7]
baseurl=http://station.network0.example.com/content/rhel7.0/x86_64/dvd/
gpgcheck=0
#rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
#yum clean all
#yum list all
----------------------------------------------------------------------3)Configure ssh on both vm's
*******************************************************************************
#yum install openssh* -y
##systemctl enable sshd.socket
##systemctl restart sshd.service
##cat /etc/hosts.deny
sshd: 10.32.0.0/255.255.255.0
#systemctl restart sshd.service
#firewall-cmd --permanent --add-port=22/tcp
#firewall-cmd --reload
-----------------------------------------------------------------------------------------------4)Configure Port Forwarding on ServerX
#*******************************************************************************
******
#firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.25.0.10/32" forward-port port=5243 protocol=tcp to-port="80"'
# firewall-cmd --reload
#
5) Configure Simple Command on both vm's
************************************************************
# cat /bin/qstat
ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
#chmod a+x /bin/qstat
#qstat
----------------------------------------------------------------------------6)Configure Ipv6 Network on both vm's

***********************************************************************
#nmcli con show
#nmcli con add con-name eth0 type ethernet ifname eth0
#nmcli con show
#ip addr show
#nmcli connection modify eth0 ipv6.addresses "fddb:fe2a:ab1e::c0a8:02/64 fddb:fe2a:ab1e::c0a8:fe" ipv6.method manual
#nmcli connection up eth0
#ip addr show
#ping6 fddb:fe2a:ab1e::c0a8:02
------------------------------------------------------------------------------------------------------------7)Configure Link Aggregation on both vm's
*************************************************************************
#ip link
#nmcli connection add type team con-name team0 ifname team0 config '{"runner": {"name": "activebackup"}}'
#nmcli connection show
#nmcli connection modify team0 ipv4.addresses "192.168.X.10/24" ipv4.method manual
#nmcli connection add type team-slave con-name team0-port1 ifname eno1 master team0
#nmcli connection add type team-slave con-name team0-port2 ifname eno2 master team0
#teamdctl team0 state
#ping 192.168.X.10
-------------------------------------------------------------------------------------------------------------8)Configure SMTP on both vm's
**********************************************************************
#yum install postfix -y
#systemctl enable postfix
#useradd natasha
#cat /etc/postfix/main.cf
inet_interfaces = loopback-only
myorigin=example.com
relayhost=[station.network0.example.com]
mydestination=""
#systemctl restart postfix.service
#firewall-cmd --permanent --add-port=25/tcp
#firewall-cmd --reload
---------------------------------------------------------------------------------9)Configure NFS server on server2
************************************************
(i)Normal Share
*****************
# yum install nfs* -y
#systemctl enable nfs-server
#systemctl start nfs-server
#mkdir /nfsshare
#cat /etc/exports
/nfsshare
*.example.com(rw)
#systemctl restart nfs-server
# firewall-cmd --permanent --add-service=nfs
#firewall-cmd --reload

#exportfs -r
#exportfs
(ii)Secure Share
*****************
#wget -O /etc/krb5.keytab http://station.network0.example.com/pub/keytabs/serverX.keytab
#systemctl enable nfs-secure-server.service
#systemctl start nfs-secure-server.service
#yum install krb5* -y
#mkdir -p /restricted/protected
#cat /etc/exports
/nfsshare
*.example.com(rw)
/securesamba/nfs *.example.com(sec=krb5p,rw)
#useradd arora
#chown arora /restricted/protected/
#chmod 655 /restricted/protected/
#systemctl restart nfs-secure-server.service
#exportfs -r
#exportfs
--------------------------------------------------------------------------------------------------------------------------10)Configure NFS mount on desktopX
********************************************************************************
*
#yum install nfs-utils krb* -y
#systemctl enable nfs-secure
#systemctl start nfs-secure
#mkdir /public
#mkdir /secure
#wget -O /etc/krb5.keytab http://station.network0.example.com/pub/keytabs/desktopX.keytab
#cat /etc/fstab
serverX.example.com:/nfsshare /public nfs defaults 0 0
serverX.example.com:/securesamba/nfs /secure nfs sec=krb5p,defaults 0 0
#systemctl restart nfs-secure
#mount -a
#df -h
------------------------------------------------------------------------------------------------11) Configure SMB on serverX
********************************************************************
#yum install samba* -y
#systemctl enable smb.service
#useradd susan
#smbpasswd -a susan
#smbpasswd -e susan
#mkdir /sambadir
#cat /etc/samba/smb.conf
workgroup = TESTGROUP
hosts allow = example.com
[model]
path = /sambadir
public = no
writable = no
browseable = yes

#systemctl restart smb


#chcon -R -t samba_share_t /sambadir
#getsebool -a | grep samba
#setsebool -P samba_enable_home_dirs on
#testparm
#firewall-cmd --permanent --add-service=samba
#firewall-cmd --reload
(ii)Multiuser share
***************************************************
#mkdir /opstack
#cat > /etc/samba/smb.conf
[OPENGROUP]
path = /opstack
public = no
writable = yes
valid users = frankenstein, martin
#chcon -R -t samba_share_t /opstack
#setfacl -m u:frankenstein:rwx /opstack
#systemctl restart smb
#systemctl restart nmb
---------------------------------------------------------------------------------------------------------------------------12)Configure SMB mount on desktopX
*******************************************************************
#yum install cifs-utils
#cat /root/multiuser.txt
username=frankenstein
password=SaniTago
#cat /etc/fstab
//server1/OPENGROUP /mnt/smbspace cifs credentials=/root/multiuser.txt,multiuser,sec=ntlmssp 0 0

#mount -a
----------------------------------------------------------------------------------13)Configure Webserver on serverX
********************************************************************************
****
#yum install http* -y
#systemctl enable httpd.service
#cd /var/www/html/
#wget http://station.network0.example.com/pub/rhce/sample.html
#mv sample.html index.html
#cat /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>
#firewall-cmd --permanent --add-service=http
#firewall-cmd --reload
#systemctl restart httpd.service
-----------------------------------------------------------------------------------------------------------------------------------

14)Configure Secured Webserver on serverX


********************************************************************************
******
#yum install mod_ssl
#cd /etc/pki/tls/certs/
#wget http://classroom.example.com/pub/tls/certs/serverX.crt
#wget http://classroom.example.com/pub/example-ca.crt
#cd /etc/pki/tls/private
#wget http://classroom.example.com/pub/tls/private/serverX.key
#cat /etc/httpd/conf.d/ssl.conf
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/serverX.crt
SSLCertificateKeyFile /etc/pki/tls/private/serverX.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt

#firewall-cmd --permanent --add-service=https


#firewall-cmd --reload
#systemctl restart httpd.service
-----------------------------------------------------------------------------------------------------------------------------------15)Configure Webpage restriction on serverX
***********************************************************************
#mkdir /var/www/html/owndir
#cd /var/www/html/owndir
#wget http://station.network0.example.com/pub/rhce/restrict.html
#mv restrict.html index.html
#cat /etc/httpd/conf/httpd.conf
<directory /var/www/html/owndir>
order deny,allow
deny from all
allow from 172.25.X.11
</directory>
#systemctl restart httpd.service
----------------------------------------------------------------------------------------------------------------------------------------16)Configure virtual host on serverX
**********************************************************
#mkdir /srv/net1/vhosts -p
#cd /srv/netX/vhosts/
#wget http://station.network0.example.com/pub/rhce/vhost.html
#mv vhost.html index.html
#chcon -t httpd_sys_content_t /srv/net1/vhosts/index.html
#cat /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
DocumentRoot /srv/netX/vhosts
ServerName vhostsX.example.com
</VirtualHost>
<directory /srv/netX/vhosts>
require all granted
</directory>
#systemctl restart httpd.service
--------------------------------------------------------------------------------

--------------------------17)Configure Dynamic Webpage on serverX


********************************************************************************
***********
#yum install mod_wsgi mod_php
#mkdir /srv/vhosts/scripts
#chcon -R -t httpd_sys_script_exec_t /srv/vhosts/scripts
#ls -ldZ /srv/vhosts/scripts
#cd /srv/vhosts/scripts
#wget http://classroom.example.com/pub/webapp.wsgi
#chmod a+x webapp.wsgi
#semanage port -a -t http_port_t -p tcp 8961
#firewall-cmd --permanent --add-port=8961/tcp
#firewall-cmd --reload
#cat /etc/httpd/conf/httpd.conf
Listen 80
Listen 8961
NameVirtualHost *:80
NameVirtualHost *:8961
<VirtualHost *:8961>
DocumentRoot /srv/vhosts/scripts
ServerName wsgiX.example.com
WSGIScriptAlias / /srv/vhosts/scripts/webapp.wsgi
</VirtualHost>
<Directory /srv/vhosts/scripts>
require all granted
</Directory>
#systemctl restart httpd.service
----------------------------------------------------------------------------------------18)Script1 on serverX
*************************
#cat /root/random
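#!/bin/bash
# /root/random: print the opposite keyword of the one given.
#   postconf -> postroll
#   postroll -> postconf
#   anything else (or no argument) -> usage line
#
# The positional parameters never contain the script's own path, so the
# patterns match the bare keyword only. A pattern such as
# "/root/random postconf" could never match, and an unquoted space inside a
# case pattern is a syntax error in bash.
# NOTE(review): the usage text names /root/conditional although this file is
# installed as /root/random; the string is kept as written. Confirm which
# name the task expects.
swap_keyword() {
  # "$*" joins all arguments with a space, so extra arguments fall through
  # to the usage branch instead of being silently ignored.
  case "$*" in
    postconf) echo "postroll" ;;
    postroll) echo "postconf" ;;
    *) echo "/root/conditional postconf|postroll" ;;
  esac
}

swap_keyword "$@"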
#chmod a+x /root/random
---------------------------------------------------------------------------------------------19)Script2
***************************************************
#cd /root
#wget http://station.network0.example.com/pub/rhce/testfile
# cat /root/createusers
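#!/bin/bash
# /root/createusers: create one account with shell /bin/false for every name
# listed in /root/testfile.
#
# Usage: /root/createusers testfile
#   no argument        -> prints the usage line
#   any other argument -> prints "Input File Not Found"
#
# The name list is downloaded over plain HTTP in the step before this script,
# so each entry is handled as untrusted data: it is read without backslash
# interpretation, never glob-expanded, passed quoted, and placed after "--" so
# that an entry beginning with "-" cannot be parsed as a useradd option.
create_users() {
  local list=/root/testfile
  local -a names
  local name

  case "$*" in
    testfile)
      # Fail early with the same message the script uses for a bad argument
      # rather than letting the redirection below print a raw shell error.
      if [[ ! -r "$list" ]]; then
        echo "Input File Not Found"
        return 1
      fi
      # read -a splits each line on whitespace, so every word is one account
      # name (as the original word-splitting loop did) but without pathname
      # expansion. The "|| (( ... ))" clause keeps a last line that has no
      # trailing newline.
      while read -r -a names || (( ${#names[@]} )); do
        for name in "${names[@]}"; do
          useradd -s /bin/false -- "$name"
        done
      done < "$list"
      ;;
    "")
      echo "Usage: /root/createusers"
      ;;
    *)
      echo "Input File Not Found"
      ;;
  esac
}

create_users "$@"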
#chmod a+x /root/createusers
-------------------------------------------------------------------------------------------------20) Configure target server on serverX
********************************************************************************
****
#yum install targetcli
#systemctl enable target.service
#firewall-cmd --permanent --add-port=3260/tcp
#firewall-cmd --reload
#fdisk /dev/vdb
#partprobe /dev/vdb
#pvcreate /dev/vdb1
#vgcreate vgnew /dev/vdb1
#lvcreate -L 1G iscsi_block /dev/vgnew
#targetcli
/> ls
o- / ......................................................................... [
...]
o- backstores .............................................................. [
...]
| o- block .................................................. [Storage Objects
: 0]
| o- fileio ................................................. [Storage Objects
: 0]
| o- pscsi .................................................. [Storage Objects
: 0]
| o- ramdisk ................................................ [Storage Objects
: 0]
o- iscsi ............................................................ [Targets
: 0]
o- loopback ......................................................... [Targets
: 0]
/> cd backstores/
/backstores> cd block
/backstores/block> create system1.disk1 /dev/vgnew/iscsi_block
/backstores/block> cd /iscsi
/iscsi> create iqn.2014-10.com.example:serverX
/iscsi> cd iqn.2014-10.com.example.serverX/tpg1/acls
/iscsi/iqn.20...em1/tpg1/acls> create iqn.2014-10.com.example:desktopX
/iscsi/iqn.20...em1/tpg1/acls> cd /iscsi/iqn.2014-08.com.example:desktopX/tpg1/luns
/iscsi/iqn.20...em1/tpg1/luns> create /backstores/block/serverX.disk1
/iscsi/iqn.20...em1/tpg1/luns> cd /iscsi/iqn.2014-08.com.example.network1:system1/tpg1/portals
/iscsi/iqn.20.../tpg1/portals> create 172.25.X.11
Using default IP port 3260
Created network portal 172.25.1.11:3260.
/iscsi/iqn.20.../tpg1/portals> exit
#systemctl restart target.service
--------------------------------------------------------------------------------------------------

21) Configure target client on desktopX


*************************************************************************
#yum install iscsi-initiator-utils -y
#systemctl enable iscsi
#systemctl enable iscsid
# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-10.com.example:desktopX
#iscsiadm -m discovery -t st -p 172.25.1.11
#iscsiadm -m node -T iqn.2014-10.com.example:serverX -l
#dmesg
#cat /proc/partitions
#fdisk /dev/sda
#partprobe /dev/sda1
#mkfs -t xfs /dev/sda1
#blkid /dev/sda1
#mkdir /mnt/initiator
#cat /etc/fstab
UUID=09a4e725-37d2-49e4-adbb-59158b166152 /mnt/initiator xfs _netdev 0 0
#mount -a
#df -h
-------------------------------------------------------------------------------------------------------22) Configure mariadb restore on serverX
*******************************************************************
#yum groupinstall mariadb mariadb-client -y
#systemctl enable mariadb.service
#systemctl start mariadb.service
#firewall-cmd --permanent --add-service=mysql
#firewall-cmd --reload
#mysql -u root
MariaDB [(none)]> create database student;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> exit
Bye
#wget http://classroom.example.com/pub/rhce/backup.mdb
#mysql -u root student < /root/mariadb.mdb
#mysql -u root
MariaDB [(none)]> show databases
-> ;
+--------------------+
| Database
|
+--------------------+
| information_schema |
| mysql
|
| performance_schema |
| student
|
| test
|
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]> use student
MariaDB [student]> show tables;
+-------------------+
| Tables_in_student |

+-------------------+
| contact
|
+-------------------+
1 row in set (0.00 sec)
select * from contact
-> ;
+----------+------+---------------+
| username | UID | HOME_DIR
|
+----------+------+---------------+
| manisha | 1010 | /home/manisha |
| jackman | 1011 | /home/jackman |
| steve
| 1012 | /home/steve |
| depp
| 1013 | /home/depp
|
+----------+------+---------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> create user karthi@localhost identified by "karthi_password";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> create user fabric@'%' identified by "fabric_password";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> create user smith@localhost identified by "smith_password";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> select user from mysql.user;
+---------+
| user
|
+---------+
| legacy |
| root
|
| root
|
| andrew |
| michael |
| redhat |
| root
|
+---------+
7 rows in set (0.00 sec)
MariaDB [(none)]> grant select on student.user_details to karthi@localhost;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant select,insert,update,delete on student.user_details to fabric@'%';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant select on student.user_details to smith@localhost;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show grants for karthi@localhost;
+--------------------------------------------------------------------------------------------------------------+
| Grants for karthi@localhost

|
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'karthi'@'localhost' IDENTIFIED BY PASSWORD '*7F
3692EEFD8987F4E9FA4D90E49891A368EF901D' |
| GRANT SELECT ON `student`.`user_details` TO 'karthi'@'localhost'
|
+--------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]> exit
Bye
-----------------------------------------------------------------------------------------------------------------------------23 Configure mariadb query
****************************************************
#mysql -u root
MariaDB [(none)]> use student;
MariaDB [student]> select * from contact where UID=1010;
+----------+------+---------------+
| username | UID | HOME_DIR
|
+----------+------+---------------+
| manisha | 1010 | /home/manisha |
+----------+------+---------------+
1 row in set (0.00 sec)
select * from contact where HOME_DIR="/home/manisha";
+----------+------+---------------+
| username | UID | HOME_DIR
|
+----------+------+---------------+
| manisha | 1010 | /home/manisha |
+----------+------+---------------+
1 row in set (0.00 sec)
MariaDB [student]> exit
---------------------------------------------------------------------------------------------------------------------------------------------