Learn and Teach!

Setup utility server for Lab.

1 – Setup Yum Repository

Attach ISO with server and mount it into your Linux server

mount -t iso9660 /dev/cdrom /media/

rpm -Uvh deltarpm-3.6-3.el7.x86_64.rpm

rpm -Uvh python-deltarpm-3.6-3.el7.x86_64.rpm

rpm -Uvh createrepo-0.9.9-26.el7.noarch.rpm

rpm -Uvh vsftpd-3.0.2-21.el7.x86_64.rpm

cp -Rv /media/* /var/ftp/pub/

createrepo -v /var/ftp/pub/

2 – Setup ftp for yum

Systemctl start vsftpd

Systemctl enable vsftpd

firewall-cmd --permanent --add-service=vsftpd

firewall-cmd –reload

vi /etc/sysconfig/modules/ftp.modules

#!/bin/sh

exec /sbin/modprobe ip_conntrack_ftp >/dev/null 2>&1

chmod +x /etc/sysconfig/modules/ftp.modules

If you need read and write on ftp

setsebool -P ftp_home_dir=1

3 – Setup http for yum

4 – Create repo file in /etc/yum.repos.d/local.repo

[localrepo]

name = Local Repo for RedHat Exams

baseurl = ftp://192.168.139.130/pub

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
gpgcheck = 0

enabled = 1

5 – To enable local yum repo

Because This Server is installed in minimal version ( which I recommended ) so you have to
install following packages in your utility server

rpm -Uvh python-chardet-2.2.1-1.el7_1.noarch.rpm

rpm -Uvh python-kitchen-1.1.1-5.el7.noarch.rpm

rpm -Uvh yum-utils-1.1.31-40.el7.noarch.rpm

yum-config-manager --enable localrepo

Now try to install samba

Yum install samba –y

Now Next one is Your Master DNS Server

Yum install bind bind-utils –y

firewall-cmd --permanent --add-service=dns

firewall-cmd --reload

systemctl enable named

systemctl start named

Edit the /etc/named.conf file and change/add the followings:

options {

listen-on port 53 { any; };

allow-query { any; };

below recursive

forward only;

forwarders {127.0.0.1; 192.168.139.2};

dnssec-validation no;

after zone add following

zone "example.com" {

type master;

file "example.com.zone";

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
allow-update { none; };

};

zone "139.168.192.in-addr.arpa" {

type master;

file "example.com.revzone";

allow-update { none; };

};

Create the /var/named/example.com.zone

$TTL 86400

@ IN SOA dns.example.com. root.example.com. (

2016121501 ; Serial

1d ; refresh

2h ; retry

4w ; expire

1h ) ; min cache

IN NS dns.example.com.

IN MX 10 mail.example.com.

gateway IN A 192.168.139.2

dns IN A 192.168.139.130

mail IN A 192.168.139.130

reposrv IN A 192.168.139.130

master IN CNAME dns.example.com.

node-1 IN A 192.168.139.140

node-2 IN A 192.168.139.141

workstation8 IN A 192.168.139.150

Create the /var/named/example.com.revzone

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
$TTL 86400

@ IN SOA dns.example.com. root.example.com. (

2016121501 ; Serial

1d ; refresh

2h ; retry

4w ; expire

1h ) ; min cache

IN NS dns.example.com.

2 IN PTR gateway.example.com.

130 IN PTR dns.example.com.

130 IN PTR mail.example.com.

130 IN PTR reposrv.example.com

140 IN PTR node-1.example.com.

141 IN PTR node-2.example.com.

150 IN PTR workstation8.example.com.

150 IN PTR workstation8.example.com.

Now check the configurations that you just did

named-checkconf

named-checkzone example.com /var/named/example.com.zone

named-checkzone 1.168.192.in-addr.arpa /var/named/example.com.revzone

Result should be OK

nslookup cnn.com 127.0.0.1

dig @127.0.0.1 cnn.com

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
Configure a central mail server

yum install -y postfix

firewall-cmd --permanent --add-service=smtp

firewall-cmd –reload

systemctl enable postfix

systemctl start postfix

vi /etc/postfix/main.cf

myhostname = mail.example.com

mydomain = example.com

myorigin = $mydomain

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

mynetworks = 192.168.139.0/24, 127.0.0.0/8

Now check the Configs

postfix check

postconf -n

setsebool -P allow_postfix_local_write_mail_spool = 1

systemctl restart postfix

Install yum install mailx -y

echo " This is Root, testing email " | mail -s "Test" amman@example.com

su – amman

Now Insall and Configure a LDAP directory service for user authentication task

yum install -y openldap openldap-clients openldap-servers migrationtools

slappasswd -s password -n > /etc/openldap/passwd

Generate a X509 certificate valid for 90 days

openssl req -new -x509 -nodes -out /etc/openldap/certs/cert.pem -keyout

/etc/openldap/certs/priv.pem -days 90

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
chown ldap:ldap /etc/openldap/certs/*

chmod 600 /etc/openldap/certs/priv.pem

Now Prepare the LDAP database

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Generate database files (don’t worry about error messages!)

Slaptest

chown ldap:ldap /var/lib/ldap/*

systemctl enable slapd

systemctl start slapd

Now start the configuration of the LDAP server, add the cosine & nis LDAP schemas

cd /etc/openldap/schema/

ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif

ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif

vi /etc/openldap/changes.ldif

Copy These lines

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcSuffix

olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcRootDN

olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcRootPW

olcRootPW: {SSHA}Yk7jC+noIYXT1w+xKMAKgaBb07j70L8/

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
dn: cn=config

changetype: modify

replace: olcTLSCertificateFile

olcTLSCertificateFile: /etc/openldap/certs/cert.pem

dn: cn=config

changetype: modify

replace: olcTLSCertificateKeyFile

olcTLSCertificateKeyFile: /etc/openldap/certs/priv.pem

dn: cn=config

changetype: modify

replace: olcLogLevel

olcLogLevel: -1

dn: olcDatabase={1}monitor,cn=config

changetype: modify

replace: olcAccess

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"

read by dn.base="cn=Manager,dc=example,dc=com" read by * none

Now Send these configs to slapd server

ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif

vi /etc/openldap/base.ldif

Copy these lines

dn: dc=example,dc=com

dc: example

objectClass: top

objectClass: domain

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
dn: ou=People,dc=example,dc=com

ou: People

objectClass: top

objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com

ou: Group

objectClass: top

objectClass: organizationalUnit

Now build the directory structure

ldapadd -x -w password -D cn=Manager,dc=example,dc=com -f /etc/openldap/base.ldif

Now You can create users

mkdir /home/guests

useradd -d /home/guests/ldapuser01 ldapuser01

passwd ldapuser01

Changing password for user ldapuser01.

New password: password

Retype new password: password

passwd: all authentication tokens updated successfully.

useradd -d /home/guests/ldapuser02 ldapuser02

passwd ldapuser02

Changing password for user ldapuser02.

New password: password

Retype new password: password

passwd: all authentication tokens updated successfully

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
User Account Migration

cd /usr/share/migrationtools/

vi migrate_common.ph

Replace the following lines

$DEFAULT_MAIL_DOMAIN = "example.com";

$DEFAULT_BASE = "dc=example,dc=com";

Create the current users in the directory service

grep ":10[0-9][0-9]" /etc/passwd > passwd

./migrate_passwd.pl passwd users.ldif

ldapadd -x -w password -D cn=Manager,dc=example,dc=com -f users.ldif

Create the current users groups in the directory service

grep ":10[0-9][0-9]" /etc/group > group

./migrate_group.pl group groups.ldif

ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f groups.ldif

Now

firewall-cmd --permanent --add-service=ldap

firewall-cmd --reload

Edit the /etc/rsyslog.conf file and add the following line

Vi /etc/rsyslog.conf

local4.* /var/log/ldap.log

systemctl restart rsyslog

Now the the user

ldapsearch -x cn=ldapuser01 -b dc=example,dc=com

Result should be:

# extended LDIF

# LDAPv3

# base <dc=example,dc=com> with scope subtree

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
# filter: cn=ldapuser01

# requesting: ALL

# ldapuser01, People, example.com

dn: uid=ldapuser01,ou=People,dc=example,dc=com

uid: ldapuser01

cn: ldapuser01

objectClass: account

objectClass: posixAccount

objectClass: top

objectClass: shadowAccount

userPassword:: e2NyeXB0fSQ2JGtyWUNydnlNJFhJQUpLNXZKNkpCVDZEbXNuU3NpelRVZ0RlUGd

oVTRPQlQ4b25ibjNSalRKSjVtT0tmWjd4RjIySk03anlVSUU0NEsvSXNtaUFCUEM3bkI0TlYyY2gv

shadowLastChange: 17150

shadowMin: 0

shadowMax: 99999

shadowWarning: 7

loginShell: /bin/bash

uidNumber: 1002

gidNumber: 1002

homeDirectory: /home/guests/ldapuser01

# ldapuser01, Group, example.com

dn: cn=ldapuser01,ou=Group,dc=example,dc=com

objectClass: posixGroup

objectClass: top

cn: ldapuser01

userPassword:: e2NyeXB0fXg=

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
gidNumber: 1002

# search result

search: 2

result: 0 Success

# numResponses: 3

# numEntries: 2

Install NFS Server for Sharing tasks

yum install nfs-utils libnfsidmap -y

yum install nfs-server -y

yum install nfs –y

systemctl start nfs-idmapd

systemctl enable rpcbind

systemctl enable nfs-server

systemctl start rpcbind

systemctl start nfs-server

systemctl start rpc-statd

firewall-cmd --permanent --add-service=nfs

firewall-cmd --reload

mkdir /home/srvshare/

mkdir /www

chmod 0777 /home/srvshare/

chmod 0777 /home/guests

chmod 0777 /www

yum -y install policycoreutils-python

semanage fcontext -a -t public_content_rw_t "/home/srvshare/(/.*)?"

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
semanage fcontext -a -t public_content_rw_t "/home/guests/(/.*)?"

semanage fcontext -a -t public_content_rw_t "/www/(/.*)?"

restorecon -R /home/srvshare

restorecon -R /home/guests

restorecon -R /www

setsebool -P nfs_export_all_rw on

setsebool -P nfs_export_all_ro on

setsebool -P use_nfs_home_dirs on

vi /etc/exports

/home/srvshare reposrv.example.com(rw,no_root_squash)

/home/guests reposrv.example.com(rw,no_root_squash)

exportfs –avr

systemctl restart nfs-server

showmount -e localhost

firewall-cmd --permanent --zone public --add-service mountd

firewall-cmd --permanent --zone public --add-service rpc-bind

firewall-cmd --reload

Install and configure Samba Server for CIFS/SMB Share

yum install samba samba-client samba-winbind –y

mv /etc/samba/smb.conf /etc/samba/smb.conf.bk

vi /etc/samba/smb.conf

[global]

workgroup = MYGROUP

#server string = Samba Server Version %v

netbios name = MYSERVER

interfaces = lo,ens33,192.168.139.0/24

hosts allow = 127.,192.168.139.

log file = /var/log/samba/log.%m

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
max log size = 50

idmap config * : backend = tdb

security = user

passdb backend = tdbsam

[shared]

comment = Shared directory

browseable = yes

path = /shared

valid users = sarah

writable = yes

mkdir /shared

chmod 777 /shared

semanage fcontext -a -t samba_share_t "/shared(/.*)?"

restorecon -Rv /shared

firewall-cmd --permanent --add-service=samba

firewall-cmd --reload

echo "Hello this is Sarah." > /shared/sarah

systemctl enable smb

systemctl enable nmb

systemctl enable winbind

systemctl start smb

systemctl start nmb

systemctl start winbind

useradd sarah

smbclient //192.168.139.130/shared -U sarah

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce

 Learn and Teach!
yum install elinks –y

Now setup ssh-key for password less communication between nodes

ssh-keygen -t rsa

ssh root@192.168.139.140 mkdir -p .ssh

ssh root@192.168.139.141 mkdir -p .ssh

ssh root@192.168.139.142 mkdir -p .ssh

ssh root@192.168.139.143 mkdir -p .ssh

Now Copy ssh key files into the nodes

cat .ssh/id_rsa.pub | ssh root@192.168.139.140 'cat >> .ssh/authorized_keys'

cat .ssh/id_rsa.pub | ssh root@192.168.139.141 'cat >> .ssh/authorized_keys'

cat .ssh/id_rsa.pub | ssh root@192.168.139.142 'cat >> .ssh/authorized_keys'

cat .ssh/id_rsa.pub | ssh root@192.168.139.143 'cat >> .ssh/authorized_keys'

Change directory attributes

ssh root@192.168.139.140 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

ssh root@192.168.139.141 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

ssh root@192.168.139.142 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

ssh root@192.168.139.143 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

Now check with login

ssh root@192.168.139.140

ssh root@192.168.139.141

ssh root@192.168.139.142

ssh root@192.168.139.143

Note: This Server is built for Red Hat Exams Modifications are not allowed. If anything need to
change please let me know?

End

Email: expert.ryk@gmail.com, Skype: expertryk, LinkedIn: https://sa.linkedin.com/in/amanullahrhce