Wednesday, July 7, 2010


Suresh Kumar (RedHat Certified Engineer)

You have a system with Red Hat Enterprise Linux installed. The system must be configured with a set of locally-defined administrators and bound to an NIS domain, RHCE for additional user accounts. Your machine will be a member of the DNS domain All the systems in the DNS domain are in the subnet & all systems in that subnet are in
Your system will be rebooted before it is graded, so make sure that all changes you implement are persistent across reboots. You should also be aware the scoring items will be evaluated by whether they work as specified. Consequently, a correctly configured networking service will earn no points if networking itself is broken.
If your hostname is then you can log in to this system with the username guest1 & the password is password. You will not be able to log in successfully to any other account on that system.
The requirements for this section include configuration of security restrictions on various network services. You should be aware that making the services available for permitted hosts & networks is a higher priority than restricting any prohibited networks, because you will not receive credit for successful configuration of services if the implemented restrictions block access to permitted hosts & networks. If you choose to use kernel level firewalling, you must REJECT rather than DROP unwanted packets.
Be aware that you are not permitted to communicate with other examinees during the course of this exam. You are also prohibited from connecting to the hosts of other examinees. The testing system and the network will be monitored, & misuse of either will result in a grade of zero on this section.
Your distribution is available via YUM:
SELinux & firewall must be enabled. Default gateway is
You will note that some requirements specify that a service should not be available from the DNS domain All the systems in that domain are in the subnet.


1. Set the root password as rW9ySX. Install the dialog RPM package.

2. Create the following users, groups & group memberships:
a. A group named admin
b. A user andrew who belongs to admin as a secondary group
c. A user brad who also belongs to admin as a secondary group
d. A user smith who does not have access to an interactive shell on the system, & who is not a member of admin
e. andrew, brad & smith should all have the password passwd.

3. Create a collaborative directory /shared/sysusers with the following characteristics:
a. Group ownership of /shared/sysusers is admin
b. The directory should be readable, writable & accessible to members of admin, but not to any other user.
c. Files created in /shared/sysusers automatically have group ownership set to the sysusers group
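
A check for the three characteristics above, as an added example that is not part of the original post: a POSIX shell function (the name audit_collab_dir is hypothetical) that reads the directory's mode and group with GNU stat and reports which requirement fails. The expected group is passed as an argument rather than assumed.

```shell
#!/bin/sh
# Added example: audit a collaborative directory against task 3's requirements.
# Usage: audit_collab_dir DIR GROUP   (GROUP is whichever group the task names)
# Relies on GNU stat (-c), as shipped with Red Hat Enterprise Linux.
audit_collab_dir() {
    dir=$1
    want_group=$2
    rc=0

    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }

    # %a prints the octal mode without leading zeros; pad to four digits
    # so the first digit is always the setuid/setgid/sticky field.
    mode=$(printf '%04d' "$(stat -c '%a' "$dir")")
    group=$(stat -c '%G' "$dir")
    special=${mode%???}
    perms=${mode#?}

    # (a) group ownership
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is $group, expected $want_group"; rc=1
    fi

    # (b) group has rwx, everyone else has nothing
    case $perms in
        ?70) ;;
        *) echo "FAIL: mode $perms does not give group rwx and others none"; rc=1 ;;
    esac

    # (c) setgid bit (2) makes new files inherit the directory's group
    case $special in
        2|3|6|7) ;;
        *) echo "FAIL: setgid bit is not set (mode $mode)"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $dir mode=$mode group=$group"
    return "$rc"
}

# Run directly as: sh audit.sh /shared/sysusers admin
if [ $# -eq 2 ]; then
    audit_collab_dir "$1" "$2"
fi
```

The function only inspects the classic mode bits; POSIX ACLs on the directory are not examined.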

4. Install the appropriate kernel update from

The following criteria must also be met.

a. The older kernel is the default kernel when the system is

b. The original kernel remains available & bootable on the system

5. Enable IP forwarding on your machine.

6. Set up the default print queue to forward jobs to the IPP print queue stationx on, where x is your station number. Configure printer as “Generic – text-only” print queue.

Note: the queue stationx on server dumps print jobs into the file http://server/printers/stationx. This file can be examined to confirm that you have configured the print queue correctly.

7. The user andrew must configure a cron job that runs daily at 15:25 local time & executes /bin/echo hello at terminal 8.

8. Bind to the NIS domain provided by for user authentication. Note the following:
a. nisuserz should be able to log into your system, where z is your station number, but will not have a home directory until you have completed the autofs requirement below

b. All NIS users have a password of passwd.

c. NFS-exports /rhome to your system

d. nisuserz’s home directory is where z is your station number.

e. nisuserz’s home directory should be automounted locally beneath /rhome as /rhome/nisuserz.

f. While you are able to log in as any of the users nisuser1 through nisuser10, the only home directory that is accessible from your system is nisuserz.

9. Configure your system so that it is an NTP client of

10. One logical volume LogVol00 is created under GrpVol00. The initial size of this logical volume is 350MB. Successfully extend it to 650MB (the range considered is 570MB to 630MB).

11. One partition is mounted under /quota. The user brad has full access to this directory. When he tried
dd if=/dev/zero of=/quota/somefile bs=1k count=60
he successfully created the file. When he then tried
dd if=/dev/zero of=/quota/somefile bs=1k count=85
he successfully created the file only up to 80kb.


1. Configure SSH access as follows:
a. andrew has remote SSH access to your machine from within
b. Clients within should NOT have access to ssh on your system.

2. Configure FTP access on your system:
a. Clients within the domain should have anonymous FTP access to your machine.
b. Clients outside should NOT have access to your FTP service

3. Share the /shared directory via SMB:
a. Your SMB server must be a member of the SMBGROUP workgroup
b. The share’s name must be shared
c. The shared share must be available to domain clients only
d. The shared share must be browseable
e. brad must have read access to the share, authenticating with the same password password, if necessary

4. Implement a web server for the site

Then perform the following steps:

a. Download

b. Rename the downloaded file to index.html

c. Copy this index.html to the DocumentRoot of your web server

d. Do not make any modifications to the contents of index.html

e. Download & rename the file to index.html at DocumentRoot /var/www/virtual

f. Extend your web server to include a virtual host for site which are mapped to one ip.

g. The site is accessible only in

5. Configure SMTP mail service according to the following

Your mail server should accept mail from remote hosts &


b. Brad must be able to receive mail from remote hosts

c. mail delivered to brad should spool into the default mail spool for brad /var/spool/mail/susan.

d. Configure email alias for your MTA such that mail sent to acctmgr is received by the local user andrew.

6. Configure POP3 email on your system according to these criteria:
a. brad must be able to retrieve email from your machine using POP3 from within

b. Clients within the domain should not have access to your POP3 service.


Implement a web proxy server bound to port 8080. Clients within should have access to your proxy server. Clients outside of should not have access to your proxy server.

2. Export /shared directory only within