RHCE Solved Paper – RHEL 6.0

NETWORK INFORMATION
1. desktop45.example.com (hostname)
2. ipadd=192.168.0.45
3. example.com=192.168.0.0/24 (Network Address)
4. remote.test=192.168.1.0/24 (cracker's Address)

#setup
#/etc/init.d/network restart
#ping 192.168.0.254
#vim base.repo

1. Selinux
Set SELinux to enforcing mode.
#setenforce 1
#lokkit --selinux=enforcing
#sestatus

2. IPforward
Configure your host such that it can forward IPv4 packets.
#vim /etc/sysctl.conf
net.ipv4.ip_forward=1
:wq!
#sysctl -p

3. SMTP
Configure an SMTP mail server. Your host should be able to receive remote mails. Mail of should be spooled to /var/spool/mail/ .
#yum install postfix* -y
#rpm -qa postfix
#vim /etc/postfix/main.cf
inet_interfaces = all (remove comment)
#inet_interfaces = localhost (comment here)
:wq!
#/etc/init.d/postfix restart
#chkconfig postfix on
Check from Physical Machine.. (Remote Testing)
#mail [email protected]
Check on virtual m/c..will get mail..

4. ALIAS
All mails sent to admin user should be directed to natasha.
#vim /etc/aliases
admin: natasha
:wq!
#newaliases
Check from Physical Machine.. (Remote Testing)
#mail [email protected]
Check on virtual m/c..will get mail.
#su - natasha
$mail

5. Script
Create a script in bash /root/script.sh such that, if the script is run in the following manner
#/root/script.sh python
o/p --> perl
AND
#/root/script.sh perl
o/p --> python
Make sure that if the number of arguments is not provided properly, then error o/p should be displayed as
o/p --> Invalid Argument
If a wrong argument is provided, then error o/p should be displayed as
o/p --> python|perl
#vim script.sh
#!/bin/bash
# Print the counterpart of perl/python; report bad usage otherwise.
if [ $# -ne 1 ]; then
    # Wrong number of arguments
    echo -e "\nInvalid Argument\n"
elif [ "$1" = "perl" ]; then
    echo -e "\npython\n"
elif [ "$1" = "python" ]; then
    echo -e "\nperl\n"
else
    # Exactly one argument, but not an accepted value
    echo -e "\npython|perl\n"
fi
:wq!
#chmod u+x script.sh
#./script.sh perl

6. FTP
Configure an ftp server. User should be able to log in via ftp. Anonymous user can download from your site. (.my133.org) .remote.test should be denied access to ftp server.
#yum install vsftpd*
#vim /etc/vsftpd/vsftpd.conf
tcp_wrappers=YES
:wq!
#/etc/init.d/vsftpd restart
#chkconfig vsftpd on
#getsebool -a | grep ftp
#setsebool -P ftp_home_dir 1
#yum install nmap*
#nmap 192.168.0.45 (To check the service)
#vim /etc/hosts.deny
vsftpd:ALL EXCEPT .example.com
:wq!
Check from Physical Machine.. (Remote Testing)
#ftp 192.168.0.45 (virtual m/c ip)

7. NFS
Share a directory /nfsshare over a n/w, accessible to (domainX.example.com) .example.com network. Your share can be remotely tested from your physical host in (/nfs/domainXshare) /nfs/desktopX . xxx
#mkdir /nfsshare
#yum install nfs* -y
#rpm -qa nfs-utils
#vim /etc/exports
/nfsshare 192.168.0.0/255.255.255.0(sync)
:wq!
#/etc/init.d/nfs restart
#chkconfig nfs on
Check from Physical Machine.. (Remote Testing)
#showmount -e 192.168.0.45
#cd /nfs/domainXshare

8. LOOP
Mount an iso file /root/boot.iso on /disk. This mount should be persistent across system restart.
#mkdir /disk
#vim /etc/fstab
/root/boot.iso /disk auto defaults,loop 0 0
(the filesystem type can be auto or iso9660)
:wq!
#mount -a
#df -hT

9. SSH
Configure ssh server. This service must be accessible only over (domainX.example.com) .example.com network.
#yum install openssh-server* -y
#yum install sshd*
#/etc/init.d/sshd restart
#chkconfig sshd on
#vim /etc/hosts.deny
sshd:ALL EXCEPT .example.com
:wq!
Check from Physical Machine.. (Remote Testing)
#ssh [email protected]

10. Website
Host an apache webserver over your hostname. The webpage to be hosted is shared as (ftp://host.domainX.example.com/pub/web/station.html) ftp://instructor.example.com/pub/web/station.html. The name resolution is provided on your dns server. Do not edit the webpage contents.
#yum install httpd*
#lftp 192.168.0.254 (server)
>ls
>cd pub/web
>get station.html
#cp station.html /var/www/html/index.html
#vim /etc/httpd/conf/httpd.conf
copy last 7 lines & paste
ServerAdmin [email protected]
DocumentRoot /var/www/html
ServerName desktop45.example.com
:wq!
#httpd -t
#/etc/init.d/httpd restart
#chkconfig httpd on
#restorecon -Rv /var/www/html
#elinks http://desktop45.example.com
Check from Physical Machine.. (Remote Testing)
#elinks http://desktop45.example.com

11. iSCSI
Import an iscsi disk from the server instructor.example.com. The iscsi disk must be mounted as /mnt/iscsi. Download iscsi.txt file in mounted directory from (ftp://host.domainX.example.com/pub/). This mount should be persistent across reboot.
#yum install iscsi-initiator-utils*
#iscsiadm -m discovery -t st -p 192.168.0.254
It gives iqn.no; copy & paste it to log in
#iscsiadm -m node -T iqn.no (paste) -l
#fdisk /dev/sdb
create a partition --->
#mkfs.ext4 /dev/sdb1
#mkdir /mnt/iscsi
#blkid /dev/sdb1 (It gives UUID)
#vim /etc/fstab
UUID /mnt/iscsi ext4 defaults,_netdev 0 0
:wq!
#mount -a
#cd /mnt/iscsi
#lftp 192.168.0.254
>download iscsi.txt file
#df -hT

12. V Web
Host a virtual website over (wwwX.domainX.example.com) d.example.com. The webpage to be hosted is shared as (ftp://host.domainX.example.com/pub/web/www.html) ftp://instructor.example.com/pub/web/www.html. Create a DocumentRoot /var/www/virtual for hosting this page. Owner of /var/www/virtual should be harry. The name resolution is provided on your dns server.
#lftp 192.168.0.254
>cd pub/web
>get www.html
#mkdir /var/www/virtual
#cp www.html /var/www/virtual/index.html
#vim /etc/httpd/conf/httpd.conf
NameVirtualHost desktop45.example.com
copy last 7 lines & paste
ServerAdmin [email protected]
DocumentRoot /var/www/virtual
ServerName www45.example.com
:wq!
#httpd -t
#/etc/init.d/httpd restart
#chkconfig httpd on
#restorecon -R /var/www/virtual
#chown harry /var/www/virtual
#elinks http://www45.example.com
Check from Physical Machine.. (Remote Testing)
#elinks http://www45.example.com

15. Copy the file station.html to /var/www/html/secure/index.html. Secure the file & make it available to only localhost over apache webserver.
#mkdir /var/www/html/secure
#cp station.html /var/www/html/secure/index.html
#vim /etc/httpd/conf/httpd.conf
Order deny,allow
Allow from desktop45.example.com
Deny from all
:wq!
#httpd -t
#/etc/init.d/httpd restart
#chkconfig httpd on
#elinks http://www45.example.com
Check from Physical Machine.. (Remote Testing)
#elinks http://www45.example.com

13. Samba
Create a samba share /samba with share name samba. Your workgroup should be IT. This share should be browsable. The user natasha can access this share as readable only. This share is accessible only over (domainX.example.com) example.com.
#yum install samba*
#mkdir /samba
#vim /etc/samba/smb.conf
workgroup = IT
copy last 7 lines & paste
[samba]
path = /samba
browsable = yes
read list = natasha
hosts allow = 192.168.0.
:wq!
#testparm
#smbpasswd -a natasha
#/etc/init.d/smb restart
#chkconfig smb on
#chcon -R -t samba_share_t /samba
#smbclient //192.168.0.45/samba -U natasha

14. Cron deny
The user jean should not be able to add a cron job for herself.
#vim /etc/cron.deny
jean
:wq!
#su - jean
$crontab -e
It will not allow jean.

16. Pass a parameter sysvctl=1 to your kernel at boot time. Changes made should be persistent.
#vim /boot/grub/grub.conf
At the end of the kernel line, write sysvctl=1
:wq!
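
A read-only check of the settings above that have to survive a reboot, as an added example that is not part of the original paper; the function names are hypothetical, and the root argument lets it run against a copy of the config tree. setenforce 1 only changes the running mode, so the SELinux check reads /etc/selinux/config, and a tcp_wrappers rule counts only if it sits in /etc/hosts.deny.

```shell
#!/bin/bash
# Added example, not part of the original paper. Function names are hypothetical.
# ROOT is "/" on the live host, or a copy of the config tree for a dry run.

# Print FILE with comments, blank lines and all whitespace removed.
active_lines() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
}

# True if FILE has an active line matching the ERE $2 as a whole line.
has_line() { active_lines "$1" | grep -Eq "^($2)\$"; }

# True if the fstab FILE entry for mount point $2 carries mount option $3.
fstab_has() {
    awk -v mp="$2" -v opt="$3" '
        $1 !~ /^#/ && $2 == mp && index("," $4 ",", "," opt ",") { ok = 1 }
        END { exit !ok }' "$1" 2>/dev/null
}

# Run all checks below ROOT, print PASS/FAIL, return 0 only if none failed.
audit_root() {
    root=${1%/}; fails=0
    check() {  # check DESCRIPTION COMMAND [ARGS...]
        desc=$1; shift
        if "$@"; then echo "PASS  $desc"
        else echo "FAIL  $desc"; fails=$((fails + 1)); fi
    }
    check "SELinux enforcing at boot" has_line "$root/etc/selinux/config" 'SELINUX=enforcing'
    check "IPv4 forwarding persistent" has_line "$root/etc/sysctl.conf" 'net\.ipv4\.ip_forward=1'
    check "postfix listens on all interfaces" has_line "$root/etc/postfix/main.cf" 'inet_interfaces=all'
    check "vsftpd honours tcp_wrappers" has_line "$root/etc/vsftpd/vsftpd.conf" 'tcp_wrappers=YES'
    check "vsftpd limited to .example.com" has_line "$root/etc/hosts.deny" 'vsftpd:ALLEXCEPT\.example\.com'
    check "sshd limited to .example.com" has_line "$root/etc/hosts.deny" 'sshd:ALLEXCEPT\.example\.com'
    check "jean listed in cron.deny" has_line "$root/etc/cron.deny" 'jean'
    check "/disk mounted with loop" fstab_has "$root/etc/fstab" /disk loop
    check "/mnt/iscsi waits for network" fstab_has "$root/etc/fstab" /mnt/iscsi _netdev
    [ "$fails" -eq 0 ]
}

# Usage: sh audit.sh /   (audits the live system, read-only)
if [ -n "${1:-}" ]; then audit_root "$1"; fi
```

The exit status is non-zero when any check fails, so the script can gate a final pre-reboot review.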