Vous êtes sur la page 1sur 35

RHCSA –Dumps:

=============

EXAM NETWORK DETAILS : -


-------------------------

#######################################

NAME/DEVICE = eth0
HOSTNAME = serverX.example.com
ip address = 172.25.X.11
NEtmask = 255.255.255.0
default getway = 172.25.X.254
dns search path = example.com
primary dns server = 172.25.254.254

############################################################

############### EXAM QUESTION


#####################
###############

Questions 1 > CONFIGURE YUM CLIENT:

Yum baseurl path = http://content.example.com/rhel7.0/x86_64/dvd

##############
Question 2 > Configure Selinux

Configure Selinux from Permissive mode Enforcing mode


--------------------------------------------------------------------
-

Questions 3 > KERNEL UPDATE:

Install the appropriate Kernel from


http://classroom.example.com/pub/updates. Your machine should boot
with updated kernel.
-------------------------------------------------------------

Qestions 4 > CREATE LVM:

Create the "LVM" with the name "fedora" by using 20PE's from the
volume group "redhat". Consider the PE size as "32MB". Mount it on
/mnt/secret with filesystem vfat.
----------------------------------------------------------------------
----------------------------------------------------------------------
----------------

Questons 5 > RESIZE LVM:


Resize the lvm /dev/vgsrv/home, so thst after reboot the size will be
in between 90MB to 120MB and the filesystem will be ext3.
---------------------------------------------------------------------
-------------

Questions 6 > EXTEND SWAP SPACE

Extend the SWAP space with "750" MB dont remove or extend the
existing swap.
----------------------------------------------------------------------
-------------------------------

Questoins 7 > USER'S GROUPS PERMISSION:

Create a group named "manager" A user harry and natasha should


belongs to "manager" group as a secondary group . A user sarah should
not have access to interactive shell and he should not be a member of
"manager" group.All above created users password "wakennym" .
----------------------------------------------------------------------
----------------------------------------------------------------------
-----------

Questions 8 > DIRECTORY COLLABORATION:

Create the Directory "/home/manager" with the following


characteristics. Group ownership of "/home/manager" should go to
"manager" group. The directory should have read, write & access
permisions for all members off "manager" group but not to any other
users.(you has to should understood that the "root" has full access on
the all files present in the system). Files created under
"/home/manager" should get the same group ownership is set to the
"manager" group.
----------------------------------------------------------------------
------------------------------------------------------

Questions 9 > CRON JOB:

The user sarah must configure a cron job that runs daily at 14:23
every day. and executes "/bin/echo "Hyer"
----------------------------------------------------------------------
--------------------------------------------

Questions 10 > ACCESS CONTROL LIST:

Copy the file /etc/fstab to /var/tmp and configure the "ACL" as


mention following. The file /vat/tmp/fstab is owned by the "root". The
file /var/tmp/fstab belongs to the group "root" The file
/var/tmp/fstab should not be executable by any one. The user "sarah"
should able to read and write to the file. The user "natasha" can
neither read nor write to the file. other users (future and current)
shuold be able to read /var/tmp/fstab.
----------------------------------------------------------------------
----------------------------------------------------------------------
------

Questions 11 > ADD USERS:

Create the user "dax" with uid 4332 with password "wakennym".
---------------------------------------------------------------------
Questions 12 > LOCATE THE FILE

locate the files of owner "dax" and copy to the location /root/found
directory
----------------------------------------------------------------------
-----------------

Questions 13 > FIND WORDS:

Find the string strator from "/usr/share/dict/words" file and copy the
lines in /root/lists.txt.
----------------------------------------------------------------------
------------------------------------

Questions 14 > BIND THE LDAPUSER FOR AUTHENTICATION:

Note the following. BASE DN: dc=example,dc=com ldap path


ldap://classroom.example.com/ Download the certificate from
"http://classroom.example.com/pub/example-ca.crt" Ldapuser10 should
login into your system and ldapuser10 password should be password.
----------------------------------------------------------------------
----------------------------------------------------------

Questions 15 > AUTOMOUNT THE HOME DIRECTORY FOR LDAPUSER:

Note the following. classroom.example.com "Nfs exports" and


/home/guests/ldapuserX Ldapuser's home directory is
classroom.example.com:/home/guests/ldapuserX. Ldapuser's home
directory should be automounted locally beneath
/home/guests/ldapuserX. While login ldapuser6 then only home
directory should accesible.
----------------------------------------------------------------------
----------------------------------------------------------------------
----

Questions 16 > "NTP" CLIENT:

Synchronize time of your system with the server classroom.example.com


----------------------------------------------------------------------
----

Questions 17 > TAKE BACKUP:


Compression & archive for /etc folder in gzip format and file
arachive file name /root/etc.tar.gz.
---------------------------------------------------------------------

===Paper 2====

RHCSA
#########################
Instruction-1
Reset root Password to redhat
---> at the start prompt of linux press e
---> go near to fi
linux 16 and press end key there it will reach at UTF-8
please type there
rd.break console=tty1
---->ctlr+x
---->#mount -o remount,rw /sysroot
---->#chroot /sysroot
---->#passwd root
----->#New Password:
----->Retype new passwd
----->#touch /.autorelabel
----->exit and exit (2 time exit is required)
if progrss is showing with % 33.21%..
its done
##########################
Instruction-2
Setup network with static IP with below given information and set
hostname to station.domainX.example.com
Static IP 172.25.X.11
Netmask 255.255.255.0
Defaul gateway 172.25.X.254
Primary DNS Server 192.X.254.254
DNS search path example.com

Ans:
#nmcli device show
#nmcli connectiom modify eth0 ipv4.address '172.25.10.10/24
172.25.10.254'
#nmcli connectiom modify eth0 ipv4.dns '172.25.254.254' ipv4.dns-
search example.com
#nmcli connection reload
#systemctl restart network.service
#cat /etc/sysconfig/network-scripts/ifcfg-eth0
########################
Instruction-3
configure yum client with baseurl as
http://classroom.example.com/content/rhel7.0/x86_64/dvd
#######################
Questions 1 | SELinux
Make SELinux as enforcing mode which is permanent .
#######################

ANS#vim /etc/sysconfig/selinux or vim /etc/selinux/config


SELINUX=Enforcing
:wq!
#sestatus
#setenforce 1
#################################
Questions 2 | CREATE LVM
Create the "LVM" with the name "fedora" by using 15PE's from tha
volume group "redhat". Consider the PE size as "16MB". Mount it on
/test with filesystem vfat.
ANS#fdisk /dev/vdb
partprobe
cat /proc/partitions
pvcreate /dev/vdb1
vgcreate -s 16 redhat
vgcreate -s 16 redhat /dev/vdb1
lvcreate -l 15 -n fedora redhat
mkdir /test
mkfs.vfat /dev/redhat/fedora
mount /dev/redhat/fedora /test/
df -hT
vim /etc/fstab
mount -a
echo ?
##############################
Questions 3 | USER'S GROUPS AND PERMISSION:
a.Create a group named "manager"

b. A user sarah and harry should belongs to "manager" group as a


secondary group user natasha should have non-interactive shell and
he should not be a memberof "manager" group. passwd for all user
created should be "redhat123".
ANS####
#groupadd manager
# useradd -G manager sarah
# useradd -G manager harry
# useradd -s /sbin/nologin natasha
# passwd sarah
# paswd harry
# passwd natasha
###########################
Questions 4 | DIRECTORY COLLABORATION:
Create the Directory "/home/manager" with the following
characteristics. Group ownership of "/home/manager" should go to
"manager" group. The directory should be have full permission for all
members of "manager" group but not to any other users except "root".
Files created under "/home/manager" should get the same group
ownership is set to the "manager" group.
ANS##
# mkdir /home/manager
# chgrp manager /home/manager
# chmod 770 /home/manager
# chmod g+s /home/manager
###########################
Questions 5 | UPDATE THE KERNEL:
Install the appropriate Kernel from http://classroom.example.com/pub/.
Your machine should boot with updated kernel.
ANS
#open your firefox or use wget
http://classroom.example.com/pub/kernel.....
#cd Download
#uname -r
#rpm -ivh kernel<tab>
#reboot
#vim /etc/grub.conf
#####################
Question:6 | CRON Job
The user sarah must configure a cron job that runs daily at 14:23. and
executes /bin/echo "welcome". Max user should not schedule cron jobs.

ANS
#useradd sarah
#echo "redhat" | passwd --stdin sarah
#su - sarah
sarah$crontab -e
23 14 * * * /bin/echo "welcome"
:wq!
#systemctl restart crond
#systemctl enable crond
#vim /etc/cron.deny
max
:wq!
##################
Questions 7 | RESIZE LVM:(Please chkeck its asking for redcuing
or extending)
Resize the lvm "/dev/vgsrv/home" so that after reboot size should be
in between 90MB to 120MB. The filesystem will be "ext4"

##########LVEXTEND#########
#lvextend -L 110M /dev/vgsrv/home
#resize2fs /dev/vgsrv/home

############steps for reducing################


#umount /dev/vgsrv/home
#e2fsck -f /dev/vgsrv/home
#resize2fs /dev/vgsrv/home 96M
#lvreduce -L 96M /dev/vgsrv/home
#mount /dev/vgsrv/home
#df -tH
#################
Question8 | LDAP
Note the following. BASE DN: dc=example,dc=com ldap path
ldap://classroom.example.com
Download the certificate from
"http://classroom.example.com/pub/EXAMPLE-CA-CERT" ldapuserX should
login into your system . Where "X" is your system no.
ANS
# yum install authconfig-gtk.x86_64 sssd -y
#system-config-authentication
in the dialogue box
ldap search base DN:type in the box --dc=example,dc=com
ldap server:type in the box --ldap://classroom.example.com/
tick on the use TLS----then Download the certificate
type in the box http://classroom.example.com/pub/EXAMPLE-CA-CERT
apply-apply
#getent passwd ldapuserX
#su - ldapuserX
if bash prompt is coming you have correctly configure ldap ,(dont fear
about error because its need a auto mount which we have not configured
yet)
#########################

Questions 9 | "NTP" CLIENT:


Configure your system as "NTP" client for "classroom.example.com".

ANS

#vim /etc/chrony.conf
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
delete first 3 pool ,but donot delete the fourth one
observe the changes
server classroom.example.com iburst
:wq

#systemctl restart chronyd.service


#sleep 30
#timedatectl
#########################
QUestion 10 | NFS Automount
Note the following. classroom.example.com "Nfs exports" /home/guests
to your system where "x" is your station ip. Ldapuser's home directory
is classroom.example.com:/home/guests/ldapuserx. Ldapuser's home
directory should be automounted locally beneath at
/home/guests/ldapuserx. While login with any of the ldapuser then only
home directory should accesible from your system that ldapuserX.

ANS
#yum install autofs -y
#vim /etc/auto.master
at the end of the line
/home/guests /etc/auto.misc
:wq!
#vim /etc/auto.misc
ldapuserX -rw
classroom.example.com:/home/guests/ldapuserX
:wq!
# systemctl restart autofs
# systemctl enable autofs
#su -ldapuserX
[ldapuser11@server11 ~]$ pwd
/home/guests/ldapuser11
#######################
Question 11 | ACL
Copy the file /etc/fstab to /var/tmp/fstab and configure the "ACL" as
mention following. The file /var/tmp/fstab is owned by the "root". The
file /var/tmp/fstab belongs to the group "root" The file
/var/tmp/fstab should not be executable by other's. The user "sarah"
should able to read and write to the file. The user "harry" can
neither read nor write to the file. other users (future and current)
shuold be able to read /var/tmp/fstab.

# cp /etc/fstab /var/tmpfstab
# setfacl -m u:sarah:rw /var/tmp/fstab
# setfacl -m u:harry:--- /var/tmp/fstab
# getfacl /var/tmp/fstab
#####################

Questions 12 | CONFIGURE FTP SERVER:


Configure FTP access from your system. Clients should have ananoumous
access to your system.

ANS
#yum install vsftd* -y
#systemctl restart vsftpd
#systemctl enable vsftpd
##################

uestions 13 | ADD USERS:


Create the user julie with uid 4332 with password "anaconda".

ANS
#useradd -u 4332 julie
#echo "anaconda" | passwd --stdin julie
######################################
Questions 14 | EXTEND SWAP SPACE:
Extend the SWAP space to 250MiB.

ANS
#fdisk /dev/vdb
press n (p,l)
enter-->enter-->type +250M enter
select t for giving type to swap id is=82
w
#partprobe
#mkswap /dev/vd7
after completing swap partition it will give an UUID copy and paste
in fstab or
in fstabe
#vim /etc/fstab
/dev/vdb7 swap swap defaults 0 0
:wq
#swapon /dev/vdb7
#mount -a ;echo $?
#free -m
####################################
Questions 15 | LOCATE THE FILES:
locate the files of owner "julie" and copy those to /root/john
directory.

ANS
#mkdir -p /root/john
#find / -user julie -exec cp -rvpf {} /root/john \;
####################################
Question16: | GREP
List all lines which have string ip from "/usr/share/dict/words" file
and copy the lines in /root/found

ANS

#grep "ip" /usr/share/dict/words >/root/found


######################################################################
############################
Question17: | ARCHIVE
Archive /etc/hosts to /var/tmp/archive.tar.bz2

ANS

#tar cjf /tmp/var/archive.tar.bz2 /etc/hosts

##################################<<<(((BEST OF
LUCK)))>>>#########################################
RHCE:
====

RHCE(Ex-300)on RHEL 7
FullMarks=300
PassMark =210
TIME=3.5hours

***************************** RHCE EXAM


*******************************
---------

YOUR CLASSROOM YUM BASEURL


http://content.example.com/rhel7.0/x86_64/dvd
------------

Qustion 1 > Set Selinux in Enforcing mode

Set the selinux policy Permissive to Enfrocing on both sides.


______________________________________________________________________
__________________________________

Customize the user environment on both systems.


_______________________________________________

Q-2. Create a custom command called "qstat" on both system1 and


system2 that runs the command '/usr/bin/ps -Ao pid,tty,user,fname,rsz'
That command should be available to all users on the system.
______________________________________________________________________
___________________________________

Qustion 3 > Configure ssh:

Configure ssh server on serverX.example.com and domain.my113t.org


should not have ssh access.

______________________________________________________________________
________________________________________

Question 4 | Configure ipv6 in both serverX & desktopX


Configure IPV6 on both serverX.example.com &
desktopX.example.com.According to following IP .
serverX.example.com - fddb:fe2a:ab1e::c0a8:X/64
desktopX.example.com - fddb:fe2a:ab1e::c0a8:20+X/64
Note :- ('X' indiacte your System number ).
______________________________________________________________________
________________________________________
Qustion 5 > Configure Network Teaming.(reaggregation) on both sides.

Configure Network teaming on system1 and system2 use two device


called eno1 and eno2
in serverX Ipaddress is 192.168.0.100/24
and desktopX ipaddress is 192.168.0.200/24

______________________________________________________________________
_______________________________________
Qustion 6 > port forwarding:

Configure PORT FORWARDING incomming connection on port 513/tcp on the


firewall to port 132/tcp on network 192.168.0.0/24

______________________________________________________________________
_________________________________________

Q-7. Configure mail on both system1 and system2.

--> Do not accept incoming mail from external sources.


--> All mail sent locally on this system automatically routed to
server1.group11.example.com
--> Mail sent from these systems should show up as comming from
group11.example.com
--> Your max test by sending mail to 'another"
--> The system server1.group11.example.com is configured to drop
mail for this user http://system1/received mail.

______________________________________________________________________
______________________________________
Qustion 8 > NFS Server:

Export your "/public" directory via NFS to the example.com domain.


Make sure that client in example.com domain should able to read only
permission in /public.

______________________________________________________________________
_____________________________________

Configure secure NFS server.


****************************
Q-9. Export your "/publicshare" directory using Kerberos via NFS to
example.com domain. Make sure that client in example.com domain should
have read and write permission for a directory /publicshare and
create a sub directory publicsecure under publicshare and make sure
ldapuserX should have read & write access over publicsecure
directory.

Use keytab for the system1.


http://classroom.exampe.com/pub/keytabs/serverX.keytab
NFS mounts.
*****************

Q-10. a) Mount /public permanently on the /mnt/secure on the system2.


b) Mount the secure nfs share /publicshare permanently on the
/mnt/securepath on system2
--> Verify that the user ldapuser1 has read and write access on
the /mnt/securepath on the system2 and use keytab file
http://classroom.example.com/pub/keytabs/desktopX.keytab

______________________________________________________________________
______________________________________
Qustion 11 > Configure SAMBA SHARE:

Q-11. Share the directory "/common" via samba. Your samba server must
be a member of "Staff" workgroup.
--> The share name must be "common". Make sure that browsable must
be enabled.
--> The shared must be available to example.com clients area.
--> The user "Harry" should have read access to the share with
samba

______________________________________________________________________
______________
Configure Samba Share.
**********************
Share a directory /secure via samba with a share name secure and
make sure browseable option must be enabled .
--> The shared must be available to example.com clients area.
--> The user "rob" should have read access to the share with samba
password "animous " and user "robby" shoud have read and write
access to the share with samba password "animous"

______________________________________________________________________
_________________________________________
Multiuser Samba mount.
**********************

Q-13. Mount /secure the samba share permanentely on the /mnt/secure


--> Mount port on system2 as a multiuser mount.
--> Mount samba share with the credentials of user rob and
password "animous"

______________________________________________________________________
________________________________________
Qustion 14 > Configure "web server":
---------------------------------------
Q-14. Configure the system1 as "web server" for the site
http://serverX.example.com
--> Download the web page station.html from
http://classroom.example.com/pub/updates/station.html
--> Rename the downloaded page as index.html.
--> Copy the index.html file to the "document root" and dont
modify

ii) Make sure the web site should be allow to example.com only and
deny to my133t.org doimain .

______________________________________________________________________
_______________________________________
Qustion 15 > Configure "web server":

Create the directory "confidential" for the DocumentRoot of your


webserver. Download the page "host.html" from
http://classroom.example.com/pub/updates/host.html And move as
index.html.It should be accessable to localhost only and not to any
other host.

______________________________________________________________________
______________________________________

Qustion 16 > Configure name virtual hosting server:

Configure the name virtual hosting server for the site


http://wwwX.example.com. Download the page "www.html" from
http://classroom.example.com/pub/updates/www.html and rename as
index.html under documenRoot "/var/www/virtual". User called rock
should able to add some content into /var/www/virtual directory.

______________________________________________________________________
_______________________________
Qustion 17 > Configure wsgi web server:

Configure "wsgi" web server site name "webappX.example.com" and


download dynamic WSGI conent from
http://classroom.example.com/pub/updates/webpp.wsgi and stored inside
virtual web server DocumentRoot of your webserver. and donot effect
virtual web serevr. port should be 8999 and client should access the
web site using webappX.example.com:8999.
______________________________________________________________________
__________
17: confiure ssl web server

Configure secure web server site name http://serverX.example.com


ant the web site will nedd to protect with tls. and the certificate
can be download from http://classroom.example.com/pub/example-ca.crt
http://classroom.example.com/pub/tls/private/serverX.key
http://classroom.example.com/pub/tls/certs/serverX.crt

______________________________________________________________________
_____________________________________
Qustion 19 > CONFIGURE "target server":
configure target server use the this iqn iqn.2015-
02.com.example.group11:system1 and 3G backing store device volume
group name iscsi_storage. iscsi storage should availabe to
desktopX.example.com sysetm only.

______________________________________________________________________
_______________________________________
20: Configure iscsi client.

Create a new 2024Mb iscsi target on your desktopX.example.com


machine. this target should be called iqn.2014-
09.com.example.group11:system1 and assign file system ext4 and mount
under /mnt/iscsi directory.
______________________________________________________________________
___________________
Qustion 21 > Configure mariadb.

Install mariadb database and user root password is animous


database sholud access only localhost. create a "Contacts" datebase
and restore a data base backup
http://classroom.example.com/pub/updates/mariadb.dump. rob user can
query and access "contacts" database should be use password is
"animous".

___________________________________________________________
Qustion 22 >list the users information who have the password=animous
from user table .user table located in mysql database. and store the
result in the file name password.txt in the location /mnt

______________________________________________________________________
________________________________________
Qustion 23 > Script:

Write the script called /root/script. If you pass an argument as


"redhat" it should print "fedora" . If you pass an argument as
"fedora" it should print "redhat". If won't pass any argument (or) if
you pass another argument other than "redhat" and "fedora"it will
print standard error "/root/script redhat|fedora".
______________________________________________________________________
____________________________________________

Q-24. Create a script on system1.

--> It should be a single argument which is the name of file that


contain usernames.
--> If argument is not supplied it should display usage
:/root/batchusers and exit.
--> If non existant file is specified, it should display file not
found.
--> Accounts should be encounted with login shell /bin/false
--> Script does not root need to set password.
===Paper 2 with solutions===(RHCE):

First Modify the Network into Static mode


Second Do Yum Client
Then Do the Solutions
No need to reset root passwd in RHCE part

Question#1 (Do it in both the systems)


Set Selinux in Enforcing mode
-------------------------------
Set the selinux policy Permissive to Enfrocing on both sides.
----------
#vim /etc/selinux/config

SELINUX=permissive <-- change permissive to Enforcing


:wq
#setenforce 1; systemctl reboot
-------------------------------------------------------------done-----
-------
Question#2
Customize the user environment on both systems.
------------------------------------------------
Create a custom command called "qstat" on both system1 and system2
that runs the command /usr/bin/ps -Ao pid,tty,user,fname,rsz
That command should be available to all users on the system.

----------
Solution
---------
#which ps
/usr/bin/ps--copy this one
open the /etc/bashrc
#vim /etc/bashrc
vim:ts=4:sw=4 (below this line)
alias qstat='/usr/bin/ps -Ao pid,tty,user,fname,rsz'

:wq
#source /etc/bashrc
#qstat
PID TT USER COMMAND RSZ
1 ? root systemd 6684
2 ? root kthreadd 0
3 ? root ksoftirq 0
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!done!!!!!!!!!!!!!!!!!!!!!
Question#3
Configure ssh on both the systems.
-------------
Configure ssh server on serverX.example.com and domain.my113t.org
should not have ssh access.
solution
------------
#vim /etc/hosts.deny
sshd: *.my133t.org
:wq
#systemctl restart sshd
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!done!!!!!!!!!!!!!!!!!!!!!!!

Question#4
Configure ipv6
--------------
Configure IPV6 on both desktopX and serverX on eth0 device, this
should not effect IPV4 network. In serverX IPV6 should be
fddb:fe2a:ab1e::c0a8:10/64 .In desktopX IPV6
fddb:fe2a:ab1e::c0a8:20/64 should be and after reboot both IPV4 and
IPV6 should be able to communicate on both sides.
Solution:-
----------
@server:-
---------
#nmcli connection modify "System eth0" ipv6.addresses
'fddb:fe2a:ab1e::c0a8:10/64' ipv6.method static
#nmcli connection down "System eth0"
#nmcli connection up "System eth0"
after reboot try to ping to the below ip
#ping6 fddb:fe2a:ab1e::c0a8:20(if it is pinging then ok)
@Client:-
---------
#nmcli connection modify "System eth0" ipv6.addresses
'fddb:fe2a:ab1e::c0a8:20/64' ipv6.method static
#nmcli connection reload
#systemctl restart network
after reboot try to ping to the below ip
#ping6 fddb:fe2a:ab1e::c0a8:10(if it is pinging then ok)
______________________________________________________________________
________________________________________

Question#5
Configure Network Teaming.(linkagregation) on both sides.
--------------------------------------------------------------
Configure Network teaming on system1 and system2 use two device called
eth1 and eth2
in serverX Ipaddress is 192.168.0.100/24
and desktopX ipaddress is 192.168.0.200/24
do the same configuation on system1 or serverX machine,just change the
IP.

#localte team
#nmcli connection add type team con-name team0 ifname team0 config
'{"runner":{"name":"activebackup"}}'
#nmcli connection show
#nmcli connection add type team-slave con-name ganesh ifname eth1
master team0
#nmcli connection add type team-slave con-name ganesh ifname eth2
master team0
#nmcli connection modify team0 ipv4.addresses '192.168.0.100/24'
#nmcli connection reload
#systemctl restart network
#teamdctl team0 state

setup:
runner: activebackup
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eth1

#############################################done#####################
####################################
Question#6
port forwarding:
----------------
Configure PORT FORWARDING incomming connection on port 513/tcp on the
firewall to port 143/tcp on network 172.25.0.0/24.

#firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source


address=172.25.0.0/24 forward-port port=513 protocol=tcp to-port=143'
#firewall-cmd --reload
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!done!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!111
Question#7
Configure mail on both system1 and system2.
-----------------------------------------------
--> Do not accept incoming mail from external sources.
--> All mail sent locally on this system automatically routed to
system1.group1.example.com
--> Mail sent from these systems should show up as comming from
group1.example.com
--> Your max test by sending mail to 'another"
-------------------------------------------------------------
#lab smtp-nullclient setup(do in the lab not in exam)
Setting up server machine...
Setting up mutt...
#####if pkg is not installed ####
# rpm -qa | grep postfix
postfix-2.10.1-6.el7.x86_64
# yum install postfix* -y^C
# systemctl enable postfix^C
# systemctl restart postfix^C
# firewall-cmd --add-service=smtp --permanent
# firewall-cmd --reload
6 steps you have remember and do the same desktop in exam(system2)
#postconf -e "inet_interfaces=loopback-only"
# postconf -e "mydestination="
# postconf -e "relayhost=[smtp10.example.com]"
# postconf -e "myorigin=example.com"
# postconf -e "local_transport=error: local delivery disabled"
# postconf -e "mynetworks=127.0.0.0/8 [::1]/128"
# systemctl restart postfix.service
# su - student
[student@serverX ~]$ mail -s 'Ganesh is configured smtp null client'
student@desktop10.example.com
Hi To all ,
You can't send the mails to me.
because its null client
i can send to you
.
EOT
#######################done###############
Question#8
NFS Server:
--------------
Export your "/public" directory via NFS to the example.com domain.
Make sure that client in example.com domain should able to read only
permission in /public.
Question#9
Configure secure NFS server.
----------------------------
Export your "/publicsecure" directory with using Kerboros via NFS to
the example.com domain.
Make sure client in example.com domain shoud able to read and write
prmission on /publicsecure and create a subdirectory called
"publicshare".
a.publicshare directory owner should be ldapuserX and ldapuserX user
should able to read and write not to any other .
b.Download keytab for the server from the is url
http://classroom.exampe.com/pub/keytabs/serverX.keytab
______________________________________________________________________
____________________________________

Question#10

NFS mounts.
------------
a) Mount /public permanently on the /mnt/secure on the desktopX.
b) Mount the secure nfs share /publicsecure permanently on the
/mnt/securepath on desktopX.
--verify that user ldapuserX has read and write access on the
/mnt/securepath on the desktopX
-->use keytab file
http://classroom.example.com/pub/keytabs/desktopX.keytab

#############################
Solution of Question8 and 10a
NFS share
-----------
@Server machine
*****************
#yum install nfs* -y
#systemctl enable nfs-server
#systemctl restart nfs-server
#firewall-cmd --permanent --add-service=nfs
#firewall-cmd --permanent --add-service=mountd
#firewall-cmd --permanent --add-service=rpc-bind
#firewall-cmd --reload
#mkdir /public
#vim /etc/exports
/public *.example.com(ro) in exam your domain will be 3 fields
#exportfs -rv
#showmount -e serverX

@Client(desktop)
*****************
#yum install nfs-utils -y
#showmount -e serverX
#mkdir /mnt/secure
#vim /etc/fstab
server14:/public /mnt/secure nfs defaults 0 0
:wq
#mount -a
#df -H

Solution of Question9 and 10b.


NFS with Krb5
--------------
@Server machine
****************
#lab nfskrb5 setup(this is only for classroom)
#yum install nfs* -y
(please enable in this sequence only)
#systemctl enable nfs-server
#systemctl enable nfs-secure
#systemctl enable nfs-secure-server
(please restart in this sequence only)
#systemctl restart nfs-server
#systemctl restart nfs-secure
#systemctl restart nfs-secure-server
#firewall-cmd --permanent --add-service=nfs (we already added at first
Question)
#firewall-cmd --permanent --add-service=mountd
#firewall-cmd --permanent --add-service=rpc-bind
#firewall-cmd --reload
(use capital O and keep the file as /etc/krb5.keytab only)
#wget -O /etc/krb5.keytab
http://classroom.example.com/pub/keytabs/serverX.keytab

#mkdir /publicsecure
#mkdir /publicsecure/publicshare
#chown ldapuserX /publicsecure/publicshare/
#ls -ld /publicsecure/publicshare/
#ls -ld /publicsecure/
#vim /etc/sysconfig/nfs
at line no 13 #RPCNFSDARGS="-V 4.2" (Please capital V)
#vim /etc/exports
/publicsecure *.example.com(rw,sec=krb5p)
#exportfs -rv
#showmount -e serverX
!!!!!!!!!!!!!!!!!!!!!!
@Client(desktop)
**********************

#lab nfskrb5 setup (do not do it in exam)


#showmount -e serverX
(use capital O and keep the file as /etc/krb5.keytab only)
#wget -O /etc/krb5.keytab
http://classroom.example.com/pub/keytabs/desktop14.keytab

#systemctl enable nfs-secure (N.B:--only this one service need to


restart at desktop or clinet not other 2services)
#systemctl restart nfs-secure
#mkdir /mnt/securepath
#vim /etc/fstab
server14:/publicsecure /mnt/securepath nfs defaults,sec=krb5p,v4.2 0 0
(N.B.--here use small v not capital V)
:wq
#mount -a
#ssh lpdauserX@localhost (password is kerberos)
[ldapuser14@server14 ~]$ df -H
[ldapuser14@server14 ~]$ cd /mnt/securepath/publicshare
in this directory ldapuser should write some content.
mkdir coss
touch file
((((((((((((((((((((((((((((((DONE))))))))))))))))))))))))))))))
Question#11
Configure SAMBA SHARE:
--> Share the directory "/common" via samba. Your samba server
must be a member of "Staff" workgroup.
--> The share name must be "common". Make sure that browsable must
be enabled.
--> The shared must be available to example.com clients only.
--> The user "frank" should have read access to the share with
samba.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%
#yum install samba* -y
#systemctl enable smb nmb
#systemctl restart smb nmb
#firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload

#chcon -t samba_share_t /common/

#ls -ldZ /common/

#useradd frank

#smbpasswd -a frank
New SMB password:
Retype new SMB password:
Added user frank.

#vim /etc/samba/smb.conf
at line no 89: change workgroup = MYGROUP - STAFF
then go to the last line place the cursor at [public] and copy 7 lines
and paste it in the same file under it.
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
please observer the changes

[common]
comment = Public Stuff
path = /common
public = no
writable = no
printable = no
#write list = +staff
browseable = yes
hosts allow = 172.25.10
valid user = frank

:wq
#systemctl restart smb nmb
@client
--------
#yum install cifs-utils.x86_64 samba-client.x86_64 -y
#smbclient //server10/common -U frank%redhat
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
if upto this prompt is coming its fine!!!!!!!!!!!
#######################################################MULTIUSER######
############
We already installed,enabled,added to firewall also
now starts from
Question#12
Multiuser Samba mount.
-----------------------
--> Share the directory "/secure" via samba.
--> The share name must be "secure". Make sure that browsable must
be enabled.
--> The shared must be available to example.com clients only .
--> The user "rob" should have read access to the share with samba
password "redhat " and user "robby" shoud have read and write
access to the share with samba password "redhat"
a.Mount samaba share /secure permanentely on the /mnt/securedata.
--> on desktopX as a multiuser mount.

#mkdir /secure
#chcon -t samba_share_t /secure
#useradd rob
#useradd robby
#setfacl -m u:robby:rwx /secure
#smbpasswd -a rob
New SMB password:
Retype new SMB password:
Added user rob.
#smbpasswd -a robby
New SMB password:
Retype new SMB password:
Added user robby.
#vim /etc/samba/smb.conf
copy the 10 lines from common
[common]
comment = Public Stuff
path = /common
public = no
writable = no
printable = no
#write list = +staff
browseable = yes
hosts allow = 172.25.X.
valid users = frank
please observe the changes
[secure]
comment = Public Stuff
path = /secure
public = no
writable = no
printable = no
write list = robby
browseable = yes
hosts allow = 172.25.X.
valid users = rob robby
:wq
@client
##################
#useradd rob
#useradd robby

#smbclient //server10/secure -U rob


Enter rob's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir coss
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \coss
smb: \>
#smbclient //server10/secure -U robby
Enter robby's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir coss
smb: \> exit
#vim /root/smb
username=robby
redhat=redhat
:wq
#mkdir /mnt/securedata
#vim /etc/fstab
//server10/secure /mnt/securedata cifs
defaults,credentials=/root/smb,multiuser,sec=ntlmssp 0 0
:wq
#su - robby

[robby@desktop10 ~]$ cifscreds add server10


Password: please provide same samba users credential which is created
in server side (robby,rob).
$[robby@desktop10 securedata]$ in this directory please try to create
a file.
touch file12
[robby@desktop10 securedata]$ ls
file12
###############done###################
IF YOU ARE GETTING THE ERROR MSG LIKE PLEASE TROUBLESHOOT IT

if touch file12
touch: cannot touch ‘file1’: Permission denied
############################
#####################
WEB SERVER
################
Question#13 Configure "web server":
---------------------------------------
--> Configure the system1 as "web server" for the site
http://serverX.example.com
--> Download the web page station.html from
http://classroom.example.com/pub/updates/station.html
--> Rename the downloaded page as index.html.
--> Copy the index.html file to the "document root" and dont
modify

a. Make sure the web site should be allow to example.com only and deny
to my133t.org doimain .
!!!!!!!!!!!!
Solution
----------
#yum install httpd* -y
#systemctl enable httpd.service
#systemctl restart httpd.service
#firewall-cmd --permanent --add-service=http
Success
#firewall-cmd --reload
success
#rpm -qd httpd run this command
#cat /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf (read this file and
copy last 7 lines)
and paste in vim /etc/httpd/conf/httpd.conf

segreate from 354 line#########################


paste is here
<VirtualHost *:@@Port@@>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "@@ServerRoot@@/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "/var/log/httpd/dummy-host2.example.com-error_log"
CustomLog "/var/log/httpd/dummy-host2.example.com-access_log"
common
</VirtualHost>
and please observe the changes

<VirtualHost 172.25.X.11:80>(X is your system number)


ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>
<Directory /var/www/html> [this is file lines you have to remember]
Order deny,allow
Deny from .my133t.org
Allow from .example.com
</Directory>
!!!!!!!
Now download the web page station.html from
http://classroom.example.com/pub/updates/station.html
#wget -O index.html
http://classroom.example.com/pub/updates/station.html ( run this
command)
#systemctl restart httpd.service
#curl -k http://serverX.example.com (better use firefox)
(((((((((((((((((((((((((((((((((((((Done)))))))))))))))))))))))))))))
)

Question#14
Configure "web server":
---------------------------
Create the directory "confidential" for the DocumentRoot of your
webserver. Download the page "host.html" from
http://classroom.example.com/pub/updates/host.html And move as
index.html.It should be accessable to localhost only and not to any
other host.
----------------------------------------------
#mkdir /var/www/html/confidential
N.B--Again open the conifguration file

and copy from the


<Directory /var/www/html> [this is file lines you have to remember]
Order deny,allow
Deny from .my133t.org
Allow from .example.com
</Directory>

please observe the changes

<Directory /var/www/html/confidential>
Order deny,allow
Deny from all
Allow from serverX.example.com
</Directory>
:wq
Now Download Download the page "host.html" from
http://classroom.example.com/pub/updates/host.html
#wget -O index.html http://classroom.example.com/pub/updates/host.html
(run this command no need to raname again)
#systemctl restart httpd.service
open firefox from desktop,foundation machine it should be
forbiddent,if it brsowseable then mistake with your configuration
It will only browse with serverX.example.com
((((((((((((((((((((((((((((((((((((((((((((((((Done))))))))))))))))))
)))))))))

Question#15
Configure name virtual hosting server:
--------------------------------------
Configure the name virtual hosting server for the site
http://wwwX.example.com. Download the page "www.html" from
http://classroom.example.com/pub/updates/www.html and rename as
index.html under documenRoot "/var/www/virtual". User called rock
should able to add some content into /var/www/virtual directory.
Solution
#########
#mkdir /var/www/virtual
#cd /var/www/virtual
#wget -O index.html http://classroom.example.com/pub/updates/www.html

copy the begining 5 lines from main web server configuration and
observe the changes
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>

changes
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@wwwX.example.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>
#systemctl restart httpd.service

#useradd rock
#setfacl -m u:rock:rwx /var/www/virtual
#su - rock
#vim /var/www/virtual/rock.html
Rock is modifying the virtual content
:wq
#systemctl restart httpd.service
first browse firefox http://wwwX.example.com
then browse firefox http://wwwX.example.com/rock.html
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((DONE))))))
))))))))))))))))))))))))))))))

Question#17
confiure ssl web server
-----------------------------
Configure secure web server site name http://serverX.example.com and
the web site will need to protect with SSL.
Download the certificates form following locations
http://classroom.example.com/pub/example-ca.crt
http://classroom.example.com/pub/tls/private/serverX.key
http://classroom.example.com/pub/tls/certs/serverX.crt

#solution
----------
# yum install mod_ssl -y
firewall-cmd --permanent --add-service=https
success
#firewall-cmd --reload
success
---->download the keys below location (please download only .crt
extension keys in this directory)
#cd /etc/pki/tls/certs/
wget http://classroom.example.com/pub/example-ca.crt
wget http://classroom.example.com/pub/tls/certs/serverX.crt
#cd /etc/pki/tls/private
wget http://classroom.example.com/pub/tls/private/serverX.key

Now run a command


# egrep 'SSLC|SSLE|SSLP' /etc/httpd/conf.d/ssl.conf
and copy form SSL engine on to server-chain.crt
and what ever # commented delete except server-chain.crt(just
uncomment it)

Step#1
copy the first 5 lines from the begining and observe the changes
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com

Step 2
(And what ever you copied from egrep 'SSLC|SSLE|SSLP'
/etc/httpd/conf.d/ssl.conf )
please paste in the middle
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
# Point SSLCertificateFile at a PEM encoded certificate. If
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Point SSLCertificateChainFile at a file containing the
# the referenced file can be the same as SSLCertificateFile
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
</VirtualHost>

final changes please observer


<VirtualHost 172.25.X.11:443>(X is your system number) 80 to 443
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 <-- this one you have to add
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

SSLCertificateFile /etc/pki/tls/certs/serverX.crt
SSLCertificateKeyFile /etc/pki/tls/private/serverX.key

SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
#systemctl restart httpd.services
And this should be browse from all the systems.
((((((((((((((((((((1(((((((((((((((((((((((((((((((((DONE))))))))))))
))))))))))))))
Question#16
Configure wsgi web server:
-------------------------------
Configure "wsgi" web server site name "webappX.example.com" and
download dynamic WSGI conent from
http://classroom.example.com/pub/updates/webapp.wsgi and stored inside
virtual web server DocumentRoot of your webserver. and donot effect
virtual web serevr. port should be 8999 and client should access the
web site using webappX.example.com:8999.
##########
solution
---------------
#yum install mod_wsgi -y
#cd /var/www/virtual
#wget http://classroom.example.com/pub/updates/webapp.wsgi
#firewall-cmd --permanent --add-port=8999/tcp

#firewall-cmd --reload

#man semanage port


search for /example and copy and paste in terminal
#semanage port -a -t http_port_t -p tcp 8999 (and change it 81 to
8999)

open the vim /etc/httpd/conf/httpd.conf


and search Listen and Copy the Listen and paste it down
and change like this
Listen webappX.example.com:8999

and in this file only copy from


<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@wwwX.example.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>

and observe the changes


<VirtualHost 172.25.X.11:80> change 80 to 8999 (X is your
system number)
ServerAdmin root@webappX.example.com <--wwwX to webappX
DocumentRoot /var/www/virtual/webapp.wsgi<-- add this one
and change DocumentRoot to WSGIScriptAlias / so final
WSGIScriptAlias / /var/www/virtual/webapp.wsgi
ServerName wwwX.example.com<-- servername -webappX.example.com
</VirtualHost>

Final output
--------------
<VirtualHost 172.25.X.11:8999>
WSGIScriptAlias / /var/www/virtual/webapp.wsgi
ServerAdmin root@webappX.example.com
ServerName webappX.example.com
</VirtualHost>
:wq
#systemctl restart httpd.service
-->browse #firefox http://webappX.example.com:8999 (If Unix epoch time
is coming its done)
and
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((DONE))))
))))))))))))))))))))))))
Question#20
Configure mariadb.
-------------------
Install mariadb database and user root password is redhat database
sholud access only localhost. create a "contacts" database.
Restore a data base backup
http://classroom.example.com/pub/materials/mariadb/mariadb.dump .
'rob' user can query and access "contacts" database should be use
password is "redhat".

#yum groupinstall mariadb* -y


#systemctl enable mariadb
#systemctl restart mariadb
#firewall-cmd --permanent --add-service=mysql
#firewall-cmd --reload
#vim /etc/my.cnf
unnder [mysqld]
skip-networking=1
:wq
#mysql_secure_installation
Enter current password for root (enter for none): dont give any passwd
here just hit enter
Set root password? [Y/n] Y
********
********
Remove anonymous users? [Y/n]Y
Disallow root login remotely? [Y/n]Y
Remove test database and access to it? [Y/n]Y
Reload privilege tables now? [Y/n]Y
Thanks for using MariaDB!!!!!!!!!!!!!!!
#mysql -u root -predhat <-- enter
MariaDB [(none)]> help create;
MariaDB [(none)]> CREATE DATABASE content;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]>help grant;and copy the below line

MariaDB [(none)]>CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY


'mypass';
*****please observe the changes*************
MariaDB [(none)]>CREATE USER 'rob'@'localhost' IDENTIFIED BY 'redhat';

MariaDB [(none)]>help grant; and copy the below line


GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
**************please observe the changes**************

MariaDB [(none)]>GRANT SELECT ON content.* TO 'rob'@'localhost';


now exit from the database type exit;
##step2#######
download a database from
http://classroom.example.com/pub/materials/mariadb/mariadb.dump
# mysql -u root -predhat content < /root/mariadb.dump
#mysql -u rob -predhat content
MariaDB [content]> show tables;
+-------------------+
| Tables_in_content |
+-------------------+
| category |
| manufacturer |
| product |
+-------------------+
3 rows in set (0.00 sec)

MariaDB [content]> select * from category where id=1;


+----+------------+
| id | name |
+----+------------+
| 1 | Networking |
+----+------------+
1 row in set (0.00 sec)
#################################copy the output and paste in a
file.txt################
Question#18
CONFIGURE "target server"
---------------------------
configure target server use the this iqn iqn.2015-
02.com.example:system1 and 3G backing store device volume group name
iscsi_storage. iscsi storage should availabe to desktopX.example.com
sysetm only.

Solution:-
----------
@Server
-------
#yum install targetcli.noarch -y
#systemctl enable target
#systemctl restart target
#firewall-cmd --permanent --add-port=3260/tcp
#firewall-cmd --reload
#fdisk /dev/vdb
Command (m for help): n
Select (default p): e
Partition number (1-4, default 1):(enter)
First sector (2048-20971519, default 2048):(enter)
Last sector, +sectors or +size{K,M,G} (2048-20971519, default
20971519):(enter)
(Partition 1 of type Extended and of size 10 GiB is set)
Command (m for help): n
First sector (4096-20971519, default 4096):(enter)
Last sector, +sectors or +size{K,M,G} (4096-20971519, default
20971519):+3G
Partition 5 of type Linux and of size 3.4 GiB is set
Command (m for help): t
Partition number (1,5, default 5):(enter)
Hex code (type L to list all codes): 8e
Command (m for help): p
Command (m for help): w
#partprobe
#pvcreate /dev/vdb5
#vgcreate iscsi_storage /dev/vdb5
#lvcreate -n storage -l 100%FREE iscsi_storage
#targetcli
/> ls(you will get output like this below)
o- /
.....................................................................
[...]
o- backstores
.......................................................... [...]
o- block ..............................................
[Storage Objects: 0]
| o- fileio .............................................
[Storage Objects: 0]
| o- pscsi ..............................................
[Storage Objects: 0]
| o- ramdisk ............................................
[Storage Objects: 0]
o- iscsi
........................................................ [Targets: 0]
o- loopback
..................................................... [Targets: 0]

/> /backstores/block create iscsi_storage


/dev/iscsi_storage/storage
/> /iscsi create iqn.2015-02.com.example:serverX
/> ls(observe the changed output now)
o- /
.....................................................................
[...]
o- backstores
.......................................................... [...]
| o- block ..............................................
[Storage Objects: 1]
| | o- iscsi_storage [/dev/iscsi_storage/storage (3.0GiB)
write-thru deactivated]
| o- fileio .............................................
[Storage Objects: 0]
| o- pscsi ..............................................
[Storage Objects: 0]
| o- ramdisk ............................................
[Storage Objects: 0]
o- iscsi
........................................................ [Targets: 1]
| o- iqn.2015-02.com.example:serverX
............................... [TPGs: 1]
| o- tpg1 ...........................................
[no-gen-acls, no-auth]
| o- acls
...................................................... [ACLs: 0]
| o- luns
...................................................... [LUNs: 0]
| o- portals
................................................ [Portals: 0]
o- loopback
..................................................... [Targets: 0]
/> /iscsi/iqn.2015-02.com.example:system1/tpg1/acls create
iqn.2015-02.com.example:desktopX
/> /iscsi/iqn.2015-02.com.example:system1/tpg1/luns create
/backstores/block/iscsi_storage
/> /iscsi/iqn.2015-02.com.example:system1/tpg1/portals create
172.25.X.11
/> ls(you should get final output like this)
o- /
.....................................................................
[...]
o- backstores
.......................................................... [...]
| o- block ..............................................
[Storage Objects: 1]
| | o- iscsi_storage [/dev/iscsi_storage/storage (3.0GiB)
write-thru activated]
| o- fileio .............................................
[Storage Objects: 0]
| o- pscsi ..............................................
[Storage Objects: 0]
| o- ramdisk ............................................
[Storage Objects: 0]
o- iscsi
........................................................ [Targets: 1]
| o- iqn.2015-02.com.example:serverX
............................... [TPGs: 1]
| o- tpg1 ...........................................
[no-gen-acls, no-auth]
| o- acls
...................................................... [ACLs: 1]
| | o- iqn.2015-02.com.example:desktopX
.................. [Mapped LUNs: 1]
| | o- mapped_lun0 ..................... [lun0
block/iscsi_storage (rw)]
| o- luns
...................................................... [LUNs: 1]
| | o- lun0 ........... [block/iscsi_storage
(/dev/iscsi_storage/storage)]
| o- portals
................................................ [Portals: 1]
| o- 172.25.X.11:3260
............................................ [OK]
o- loopback
..................................................... [Targets: 0]
/> saveconfig
/> exit
#systemctl restart targetd
######################################################################
#################################
Question#19
Configure iscsi client.
-----------------------
Create a new 2024Mb iscsi target on your DesktopX.example.com machine.
this target should be called iqn.2015-02.com.example:system1 and
assign file system ext4 and mount under /mnt/iscsi directory.

@Clint side(Desktop)
-------------------
#yum install iscsi-initiator-utils.i686 -y
#systemctl enable iscsid.service
#vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2015-02.com.example:serverX
:wq!
#systemctl restart iscsid.service
#man iscsiadm(in a new terminal or tab)
goto to end page and copy this line
iscsiadm --mode discoverydb --type sendtargets --portal
192.168.1.10 --discover
and make the following changes
#iscsiadm --mode discoverydb --type sendtargets --portal 172.25.X.11 -
-discover
Again copy from this line and make following changes as below
iscsiadm --mode node --targetname iqn.2001-05.com.doe:test --
portal 192.168.1.1:3260 --login
observe the changes
#iscsiadm --mode node --targetname iqn.2015-02.com.example:serverX --
portal 172.25.X.11:3260 --login
#fdisk -l(it should show another drive as local storage i.e. /dev/sda)
#fdisk /dev/sda
Command (m for help): n
Select (default p): p
Partition number (1-4, default 1):(enter)
First sector (8192-6291455, default 8192):(enter)
Last sector, +sectors or +size{K,M,G} (8192-6291455, default
6291455): +2024M
Command (m for help): p
Command (m for help): w
#partprobe
#mkfs.ext4 /dev/sda1
#mkdir /mnt/iscsi
#blkid(copy the UUID of /dev/sda1)
#vim /etc/fstab
UUID="25ad4e73-bc45-48e2-8f99-1891fc096c29" /mnt/iscsi ext4
_netdev 0 0
:wq!
#mount -a
#df -H
#iscsiadm --mode node --targetname iqn.2015-02.com.example:system1 --
portal 172.25.X.11:3260 --logout
(use the same command which has been used to login with changing
it to logout)
#reboot
#df -H(check whther /dev/sda1 is still mounted or not if yes then it
is successful)
(((((((((((((((((((((((((((((((((((((((((((((((((((((((((DONE)))))))))
)))))))))))))))))))))))))))))))))
Question#21
Script:
-------
Write the script called /root/script. If you pass an argument as
"redhat" it should print "fedora" . If you pass an argument as
"fedora" it should print "redhat". If you pass any argument other
than "redhat" or "fedora"it will print standard error "STDERR|red-
fed".

#!/bin/bash
if [ "$1" == "redhat" ]
then
echo "fedora"
elif [ "$1" == "fedora" ]
then
echo "redhat"
else
echo "STD|ERR-red/fed"
fi
:wq
#chmod +x /root/script1.sh
# sh /root/script1.sh redhat
(o/p=fedora)
# sh /root/script1.sh fedora
(o/p=redhat)
# sh /root/script1.sh ganesh
STD|ERR-red/fed
#############################################done#####################

Question#22
Create a script on DesktopX.
-------------------------------
--> It should be a single argument which is the name of file that
contain usernames.
--> If argument is not supplied it should display usage
:/root/batchusers and exit.
--> If non existant file is specified, it should display "file not
found."
--> Accounts should be encounted with no login shell /bin/false
--> Script does not root need to set password.

#!/bin/bash
if [ $# -eq 0 ]
then
echo "FILE:IN USAGE"
elif [ -f $1 ]
then

for x in `cat $1`


do
useradd -s /sbin/nologin $x
done
else
echo "file not found"
fi
:wq
#vim coss
user1
user2
user3
:wq
#sh /root/script2.sh coss
it will add the users
#cd /home
#########################################################DONE#########
############