Wednesday, July 7, 2010

IMP RHCE

Suresh Kumar (RedHat Certified Engineer)

You have a system with the Red Hat Enterprise Linux OS installed. The system must be configured with a set of locally-defined administrators and bound to an NIS domain, RHCE, for additional user accounts. Your machine will be a member of the DNS domain example.com. All the systems in the example.com DNS domain are in the 172.16.0.0/16 subnet & all systems in that subnet are in example.com.
Your system will be rebooted before it is graded, so make sure that all changes you implement are persistent across reboots. You should also be aware that the scoring items will be evaluated by whether they work as specified. Consequently, a correctly configured networking service will earn no points if networking itself is broken.
If your hostname is station1.example.com then you can log in to this system with the username guest1 & the password is password. You will not be able to log in successfully to any other account on that system.
The requirements for this section include configuration of security restrictions on various network services. You should be aware that making the services available for permitted hosts & networks is a higher priority than restricting any prohibited networks, because you will not receive credit for successful configuration of services if the implemented restrictions block access to permitted hosts & networks. If you choose to use kernel level firewalling, you must REJECT rather than DROP unwanted packets.
Be aware that you are not permitted to communicate with other examinees during the course of this exam. You are also prohibited from connecting to the hosts of other examinees. The testing system and the network will be monitored, & misuse of either will result in a grade of zero on this section.
Your distribution is available via YUM:
http://172.16.0.254/rhel5/Server
SELinux & firewall must be enabled. Default gateway is 172.16.0.254/16.
You will note that some requirements specify that a service should not be available from the DNS domain my133t.org. All the systems in that domain are in the 172.17.0.0/16 subnet.
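A way to self-check a kernel-level firewall against the two rules stated above (REJECT instead of DROP, and permitted networks must not be blocked). This is an added example, not part of the original exam text: the function names, the constructed sample rulesets and the default ports 22 (sshd) and 21 (FTP control) are assumptions, and networks are compared as exact strings only.

```shell
#!/bin/sh
# Added example: lint iptables-save style rules against the firewall policy above.
# Assumed default ports: 22 (sshd), 21 (FTP control). Sample rules are constructed.
PERMIT_NET="172.16.0.0/16"   # example.com
DENY_NET="172.17.0.0/16"     # my133t.org

# Reads rules from stdin or file arguments, prints one line per finding,
# and returns non-zero if anything was found.
lint_rules() {
    awk -v permit="$PERMIT_NET" -v deny="$DENY_NET" '
    $1 != "-A" { next }                  # skip table/chain headers, comments, blanks
    {
        target = ""; src = ""; port = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-j")      target = $(i + 1)
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
        }
        if (target == "DROP") {
            printf "line %d: DROP target, the policy requires REJECT\n", NR; bad++
        }
        # First match wins: a REJECT that also covers the permitted network
        # must come after the ACCEPT for that network on the same port.
        if (target == "REJECT" && port != "" && src != deny && !(port in allowed)) {
            printf "line %d: port %s rejected before %s is accepted\n", NR, port, permit; bad++
        }
        if (target == "ACCEPT" && src == permit && port != "") allowed[port] = 1
    }
    END { exit (bad > 0) }' "$@"
}

sample_good() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 172.16.0.0/16 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -p tcp --dport 22 -j REJECT
-A INPUT -s 172.16.0.0/16 -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 21 -j REJECT
COMMIT
EOF
}

sample_bad() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 172.17.0.0/16 -p tcp --dport 22 -j DROP
-A INPUT -p tcp --dport 21 -j REJECT
-A INPUT -s 172.16.0.0/16 -p tcp --dport 21 -j ACCEPT
COMMIT
EOF
}

sample_bad | lint_rules || true          # demo: prints the two findings
```

On a real system the same function can be fed the saved ruleset, for example `lint_rules /etc/sysconfig/iptables`.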


RHCT SECTION


1. Set the root password as rW9ySX. Install the dialog RPM package.

2. Create the following users, groups & group memberships:
a. A group named admin
b. A user andrew who belongs to admin as a secondary group
c. A user brad who also belongs to admin as a secondary group
d. A user smith who does not have access to an interactive shell on the system, & who is not a member of admin
e. andrew, brad & smith should all have the password passwd.

3. Create a collaborative directory /shared/sysusers with the following characteristics:
a. Group ownership of /shared/sysusers is admin
b. The directory should be readable, writable & accessible to members of admin, but not to any other user.
c. Files created in /shared/sysusers automatically have group ownership set to the sysusers group

4. Install the appropriate kernel update from ftp://server.example.com/pub/updates. The following criteria must also be met:
a. The older kernel is the default kernel when the system is rebooted
b. The original kernel remains available & bootable on the system

5. Enable IP forwarding on your machine.

6. Set up the default print queue to forward jobs to the IPP print queue stationx on server.example.com, where x is your station number. Configure printer as “Generic – text-only” print queue.

Note: the queue stationx on server dumps print jobs into the file http://server/printers/stationx. This file can be examined to confirm that you have configured the print queue correctly.

7. The user andrew must configure a cron job that runs daily at 15:25 local time & executes /bin/echo hello at terminal 8.

8. Bind to the NIS domain example.com provided by 172.16.0.254 for user authentication. Note the following:
a. nisuserz should be able to log into your system, where z is your station number, but will not have a home directory until you have completed the autofs requirement below
b. All NIS users have a password of passwd.
c. server.example.com NFS-exports /rhome to your system
d. nisuserz’s home directory is server.example.com:/rhome/nisuserz where z is your station number.
e. nisuserz’s home directory should be automounted locally beneath /rhome as /rhome/nisuserz.
f. While you are able to log in as any of the users nisuser1 through nisuser10, the only home directory that is accessible from your system is nisuserz.

9. Configure your system so that it is an NTP client of server.example.com.

10. One logical volume LogVol00 is created under GrpVol00. The initial size of this logical volume is 350MB. Successfully extend it to 650MB (the acceptable range is 570MB to 630MB).

11. One partition is mounted under /quota. The user brad has full access to this directory. When he tries
dd if=/dev/zero of=/quota/somefile bs=1k count=60
he successfully creates the file. When he then tries
dd if=/dev/zero of=/quota/somefile bs=1k count=85
he successfully creates the file only up to 80kb.

RHCE SECTION


1. Configure SSH access as follows:
a. andrew has remote SSH access to your machine from within example.com
b. Clients within my133t.org should NOT have access to ssh on your system.

2. Configure FTP access on your system:
a. Clients within the example.com domain should have anonymous FTP access to your machine.
b. Clients outside example.com should NOT have access to your FTP service

3. Share the /shared directory via SMB:
a. Your SMB server must be a member of the SMBGROUP workgroup
b. The share’s name must be shared
c. The shared share must be available to example.com domain clients only
d. The shared share must be browseable
e. brad must have read access to the share, authenticating with the same password password, if necessary

4. Implement a web server for the site http://stationx.example.com

Then perform the following steps:

a. Download ftp://server.example.com/pub/rhce/station.html

b. Rename the downloaded file to index.html

c. Copy this index.html to the DocumentRoot of your web server

d. Do not make any modifications to the contents of index.html

e. Download ftp://server.example.com/pub/rhce/www.html & rename the file to index.html at DocumentRoot /var/www/virtual

f. Extend your web server to include a virtual host for site http://stationxx.example.com which are mapped to one IP.

g. The site http://stationx.example.com is accessible only in example.com

5. Configure SMTP mail service according to the following requirements:

a. Your mail server should accept mail from remote hosts & localhost

b. Brad must be able to receive mail from remote hosts

c. Mail delivered to brad should spool into the default mail spool for brad /var/spool/mail/susan.

d. Configure email alias for your MTA such that mail sent to acctmgr is received by the local user andrew.

6. Configure POP3 email on your system according to these criteria:
a. brad must be able to retrieve email from your machine using POP3 from within example.com

b. Clients within the my133t.org domain should not have access to your POP3 service.

ADDITIONAL RHCE REQUIREMENTS:

1. Implement a web proxy server bound to port 8080. Clients within example.com should have access to your proxy server. Clients outside of example.com should not have access to your proxy server.


2. Export /shared directory only within example.com.

BEST OF LUCK