Qsn 1. NFS-Server
Configure nfs on system1 as follows:
Export the /public directory with read only access to the groupx.example.com domain only.
Export the /protected directory with read write access to the groupx.example.com
Access to /protected should be secured by kerberos. You can use the keytab at http://host.groupx.example.com/materials/nfs_server.keytab
The /protected directory should contain a sub-directory named project that is owned by krishna.
krishna should have read write access to /protected/project.

Ans:- NFS (On server)
# yum -y install nfs*
# mkdir /public
# semanage fcontext -a -t public_content_t '/public(/.*)?'
# restorecon -vFR /public
# ls -l /public
# vim /etc/exports
    /public 1.0..2/3(ro)
# systemctl restart nfs-server
# systemctl enable nfs-server
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --complete-reload
# wget -O /etc/krb5.keytab http://host.group.example.com/materials/nfs_server.keytab
# mkdir /protected
# cd /protected
# semanage fcontext -a -t public_content_rw_t '/protected(/.*)?'
# restorecon -vFR /protected
# vim /etc/sysconfig/nfs
    RPCNFSDARGS="-V 4.2"
# vim /etc/exports
    /protected 1.0..2/3(rw,sync,sec=krb5p)
# mkdir /protected/project
# useradd krishna
# chown krishna /protected/project
# setfacl -m u:krishna:rwx /protected/project
# chown nfsnobody /protected
# systemctl restart nfs-server
# systemctl restart nfs-secure-server
# systemctl enable nfs-secure-server
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --complete-reload
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --permanent --add-service=mountd

Qsn 2. SMB
Configure smb service on system1 as follows:
Your smb server must be a member of the STAFF workgroup.
The service must share the /common directory. The share name must be common.
The common share must be available to groupx.example.com domain clients only.
The common share must be browseable.
The user floy must have read access to the share, authenticating with the password inionce if necessary.

Ans:- samba (on system1)
# yum -y install samba*
# mkdir /common
# semanage fcontext -a -t samba_share_t '/common(/.*)?'
# restorecon -vFR /common
# ls -l /common
# vim /etc/samba/smb.conf
    workgroup = STAFF
    [common]               :---- sharing name
    path = /common         :---- directory name
    valid users = floy     :---- single user
    browseable = yes
    writable = yes         :---- no need in
    hosts allow = 1.3..2/3
# adduser floy
# smbpasswd -a floy
# smbpasswd -e floy
# systemctl restart smb nmb
# systemctl enable smb nmb
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --complete-reload
(system2)
# smbclient //system1/common -U floy
smb: \>
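One way to check an smb.conf for the restrictions this share definition relies on (hosts allow, valid users, and a write list wherever a share is writable). This is an added example, not part of the original answers; the function names and the sample configuration, including the 192.0.2. prefix, are constructed.

```sh
#!/bin/sh
# Added example: flag smb.conf shares that lack the restrictions used above.
# audit_smb_shares and sample_conf are illustrative names; the input is constructed.
audit_smb_shares() {
    awk '
    function report() {               # findings for the section that just ended
        if (share == "" || share == "global") return
        if (!hosts && !ghosts) print share ": no hosts allow, any client address may connect"
        if (!users) print share ": no valid users, any authenticated account may connect"
        if (rw && !wlist) print share ": writable for every permitted user, no write list"
    }
    /^[ \t]*([#;]|$)/ { next }        # comments and blank lines
    /^[ \t]*\[/ {                     # a new [section] starts
        report()
        share = tolower($0)
        gsub(/^[ \t]*\[[ \t]*|[ \t]*\].*$/, "", share)
        hosts = users = rw = wlist = 0
        next
    }
    {
        eq = index($0, "=")
        if (!eq) next
        # Samba ignores case and whitespace in parameter names.
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        yes = (val == "yes" || val == "true" || val == "1")
        if (key == "hostsallow" || key == "allowhosts") {
            hosts = (val != ""); if (share == "global") ghosts = hosts
        } else if (key == "validusers") users = (val != "")
        else if (key == "writelist") wlist = (val != "")
        else if (key == "writable" || key == "writeable" || key == "writeok") rw = yes
        else if (key == "readonly") rw = !yes
    }
    END { report() }
    ' "${1:--}"
}

sample_conf() {                       # constructed input; 192.0.2. is a documentation prefix
    printf '%s\n' '[global]' 'workgroup = STAFF' \
        '[common]' 'path = /common' 'valid users = floy' \
        'writable = yes' 'hosts allow = 192.0.2.' \
        '[devops]' 'path = /devops' 'valid users = kenji chihiro' \
        'write list = chihiro' 'hosts allow = 192.0.2.' \
        '[scratch]' 'path = /srv/scratch' 'read only = no'
}

sample_conf | audit_smb_shares
```

Run it against a real file with `audit_smb_shares /etc/samba/smb.conf`; a hosts allow line in [global] counts for every share.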

Qsn 4. MULTIuser SMB
On system1 share the /devops directory via SMB as follows:
The share should be named devops.
The devops share must only be available to clients in the groupx.example.com domain.
The devops share must be browseable.
kenji must have read access to the share, authenticating with password inionce.
chihiro must have read and write access to the share, authenticating with the password inionce.
The smb share is permanently mounted on system2 at /mnt/dev using the credentials of kenji.
The share must allow anyone who can authenticate as chihiro to temporarily acquire write permission.

Ans:- (on system1)
# mkdir /devops
# semanage fcontext -a -t samba_share_t '/devops(/.*)?'
# restorecon -vFR /devops
# vim /etc/samba/smb.conf
    [devops]                      :---- sharing name
    path = /devops                :---- directory name
    valid users = kenji chihiro
    write list = chihiro
    browseable = yes
    hosts allow = 1.3..2/3
# useradd kenji
# useradd chihiro
# smbpasswd -a kenji
# smbpasswd -a chihiro
# smbpasswd -e kenji
# smbpasswd -e chihiro
# setfacl -m u:chihiro:rwx /devops
# sestatus -b | grep samba
# setsebool -P samba_enable_home_dirs on
# setsebool -P samba_export_all_rw on
# systemctl restart smb nmb
(System2 Side)
# yum -y install cifs-utils samba-client
# mkdir /mnt/dev
# vim /root/file.txt
    username=kenji
    password=inionce
# vim /etc/fstab
    //system1/devops /mnt/dev cifs defaults,multiuser,sec=ntlmssp,username=kenji,password=inionce
# mount -a
# df -h

Qsn 5. ISCSI
Configure system1 to provide an iscsi disk device named iqn.2016-08.com.example.groupx:system1
The iscsi service uses port 3260.
This target uses a 3G backing logical volume named iscsi_store.
The target is only available to system2.groupx.example.com only.

Ans:- ISCSI Server (On system1)
# yum -y install targetcli*
# systemctl restart target
# systemctl enable target
# firewall-cmd --permanent --add-port=3260/tcp
# firewall-cmd --reload
# fdisk /dev/vda
    n - new
    p - primary
    +4G - size
    t - type
    8e - lvm hex code
    w - write or save
# partprobe /dev/vda
# pvcreate /dev/vda1
# vgcreate myvol /dev/vda1
# lvcreate -n mylv -L 3G myvol
# lvdisplay
# targetcli
/> /backstores/block create iscsi_store /dev/myvol/mylv
/> /iscsi create iqn.2016-08.com.example.group:system1
/> /iscsi/iqn.2016-08.com.example.group:system1/tpg1/acls create iqn.2016-08.com.example.group:system2
/> /iscsi/iqn.2016-08.com.example.group:system1/tpg1/portals create 1.3..>2
/> /iscsi/iqn.2016-08.com.example.group:system1/tpg1/luns create /backstores/block/iscsi_store
/> ls
/> saveconfig
/> exit
# systemctl restart target

Qsn 6. ISCSI INITIATOR
Configure system2 so that it connects to the iqn.2016-08.com.example.groupx:system1 as follows:
The iscsi device should automatically be available on system boot.
The iscsi block device contains a 122 partition that is formatted as ext4.
The partition is mounted to /mnt/data and is automatically mounted to this directory.

Ans:-
# yum -y install iscsi-initiator-utils
# vim /etc/iscsi/initiatorname.iscsi
    InitiatorName=iqn.2016-08.com.example.group:system2
# systemctl restart iscsi
# systemctl enable iscsi
# iscsiadm -m discovery -t st -p 1.3..>2:3260 -l
# lsblk
# fdisk /dev/sda
    n
    p
    J122<
    w
# partprobe /dev/sda
# mkfs.ext4 /dev/sda1
# blkid
# mkdir /mnt/data
# vim /etc/fstab
    /dev/sda1 /mnt/data ext4 _netdev 0 0
# mount -a
# df -h

Qsn 7. MARIADB
Create a mariadb database named contacts on system1 such that the following conditions exist:
The database should contain the content of the database dump from http://server1.groupx.example.com/materials/users.mdb
The database should be accessible from localhost only.
Other than the root user, the database only allows queries from the user raikon.
This user should have the password zalebro.
The root user should have password zalebro and must not be allowed to log in without using a password.

Ans:- (On system1)
# yum -y groupinstall mariadb*
# systemctl restart mariadb
# systemctl enable mariadb
# firewall-cmd --permanent --add-service=mysql
# firewall-cmd --complete-reload
# mysql_secure_installation
    set password - y zalebro
# mysql -u root -p
> create database contacts;
> show databases;
> flush privileges;
> exit
# wget http://server1.group.example.com/materials/users.mdb
# mysql -u root -p contacts < users.mdb
# mysql -u root -p contacts
> create user raikon@'localhost' identified by 'zalebro';
> grant update,insert,delete,select on contacts.* to raikon@'localhost';
> flush privileges;
> exit
# vim /etc/my.cnf
    skip-networking=1
# systemctl restart mariadb

Qsn 8. Query database
Use the database contacts on system1 and the appropriate sql queries to answer the following question:
What is the first name of the person whose password is solicitous ?

Ans:- (On system1)
# mysql -u root -p contacts
> show tables;
> describe tablename;
> select * from tablename where field_name='field_value';

Qsn 9.
    <virtualhost 1.3..>2:IO2O>
    servername alt.group.example.com
    wsgiscriptalias / /var/www/html/webinfo.wsgi
    </virtualhost>
    <directory /var/www/html>
    order allow,deny
    allow from 1.3..2/3
    </directory>
# semanage port -a -t http_port_t -p tcp IO2O
# systemctl restart httpd
# systemctl enable httpd
# firewall-cmd --permanent --add-port=IO2O/tcp
# firewall-cmd --complete-reload
# firewall-cmd --permanent --add-service=http
# firewall-cmd --complete-reload
ON SYSTEM2
# firefox http://alt.group.example.com:IO2O

Qsn 10. E>t.org should not have access to the webserver

Ans:- (on system1)
# wget http://server1.group.example.com/materials/station.html
# mv station.html /var/www/html/index.html
# restorecon -vvFR /var/www/html/index.html
# ls -l /var/www/html/index.html
# vim /etc/httpd/conf.d/abc.conf
    <virtualhost 1.3..>2:80>
    servername system1.group.example.com
    documentroot /var/www/html
    </virtualhost>
    <directory /var/www/html>
    order allow,deny
    allow from 1.3..2/3
    </directory>
# systemctl restart httpd
ON SYSTEM2
# firefox http://system1.group.example.com

Qsn 11. Configure a virtual host
Extend your webserver on system1 to include a virtualhost for the site http://www.groupx.example.com then perform the following steps:
Set the document root for the virtual host to /var/www/virtual
Download http://server1.groupx.example.com/materials/www.html
Rename the downloaded file index.html
Do not make any modification to the content of this file.
Place this file in the document root of the virtual host.
The user floy must be able to create content in /var/www/virtual
NOTE- the original website http://system1.groupx.example.com must still be accessible. DNS resolution for the host name www.groupx.example.com is already provided by the name server groupx.example.com.

Ans:- (on system1)
# mkdir /var/www/virtual
# wget http://server1.group.example.com/materials/www.html
# mv www.html /var/www/virtual/index.html
# restorecon -vvFR /var/www/virtual
# restorecon -vvFR /var/www/virtual/index.html
# ls -l /var/www/virtual/index.html
# vim /etc/httpd/conf.d/www.conf
    <virtualhost 1.3..>2:80>
    servername www.groupx.example.com
    documentroot /var/www/virtual
    </virtualhost>
    <directory /var/www/virtual>
    require all granted
    </directory>
# setfacl -m u:floy:rwx /var/www/virtual
# systemctl restart httpd
ON SYSTEM2
# firefox http://www.group.example.com

Qsn 12. Configure web content access
On your webserver on system1 create a directory named private under the document root directory and configure it as follows:
Download a copy of the file http://server1.groupx.example.com/materials/private.html into this directory and rename it index.html
Do not make any modification to the content of this file.
The contents of private should be visible to anyone browsing from system1 (including localhost) but should not be accessible from other locations.

Ans:- on system1
# mkdir /var/www/html/private
# wget http://server1.group.example.com/materials/private.html
# mv private.html /var/www/html/private/index.html
# restorecon -vvFR /var/www/html/private
# restorecon -vvFR /var/www/html/private/index.html
# ls -l /var/www/html/index.html
# vim /etc/httpd/conf.d/abc.conf
    <directory /var/www/html/private>
    order allow,deny
    allow from 1.3..>2
    </directory>
# systemctl restart httpd
ON SYSTEM2
# firefox http://system1.groupx.example.com/private

Qsn 13. Link aggregation
Configure a network named link between system1.groupx.example.com and system2.groupx.example.com according to the following requirements:
The link uses the interfaces eth1 and eth2.
The link will continue to function even if one of the underlying interfaces or networks is down.
The link interface on system1 has the address 1.1H.x.0/3
The link interface on system2 has the address 1.1H.x.0/3
The link is active after a system reboot.

Ans:- (Same thing on both systems SYSTEM1 and SYSTEM2)
# nmcli connection add type team con-name team1 ifname team1 config '{"runner": {"name": "activebackup"}}'
# nmcli connection show
# nmcli connection modify team1 ipv4.addresses 1.1H.12.0/3
# nmcli connection modify team1 ipv4.method static
# ifconfig
# nmcli connection add type team-slave con-name team1_port1 ifname eth1 master team1
# nmcli connection add type team-slave con-name team1_port2 ifname eth2 master team1
# nmcli connection show
# teamdctl team1 state
# ping -I team1 1.1H.12.0

Qsn 14. MAIL service
Configure mail on both system1 and system2:
The systems do not accept incoming email from external resources.
Any mail sent locally on these systems is automatically routed to server1.groupx.example.com
Mail sent from these systems shows up as coming from groupx.example.com
You may test your configuration by sending email to the local user arthur J.
The system server1.groupx.example.com has been configured to drop email for this user into http://server1.groupx.example.com/recieve_mail/11

Ans:- (Same thing on both systems SYSTEM1 and SYSTEM2)
# yum -y install postfix*
# vim /etc/postfix/main.cf
    inet_interfaces = localhost
# nmcli connection modify "eth0" ipv6.addresses 22a:ac1I::a20/H3
# nmcli connection modify "eth0" ipv6.method static
# ifconfig
# ping6 22a:ac1I::a20
(ON SYSTEM2)
# nmcli connection show
# nmcli connection modify "eth0" ipv6.addresses 22a:ac1I::a2a/H3
# nmcli connection modify "eth0" ipv6.method static
# ifconfig
# ping6 22a:ac1I::a2a

Qsn 16. Configure your system to use a default repository
A yum repository has been provided at http://server1.net1>.example.com/rhel

Ans:-
# vim /etc/yum.repos.d/server.repo
    [server]
    gpgcheck=0
    enabled=1
    baseurl=http://server1.net1>.example.com/rhel

Qsn 17. Script
Create a script on system1 named /root/foo.sh that does the following:
When run as /root/foo.sh redhat it produces the output fedora on stdout.
When run as /root/foo.sh fedora it produces the output redhat on stdout.
When run without arguments or with any arguments other than redhat or fedora, it sends the following output to stderr: /root/foo.sh redhat|fedora

Ans:-
# vim /root/foo.sh
    #!/bin/bash
    if [ "$1" == "redhat" ]
    then
        echo "fedora"
    elif [ "$1" == "fedora" ]
    then
        echo "redhat"
    else
        # the usage message belongs on stderr, as the task requires
        echo "/root/foo.sh redhat|fedora" >&2
    fi

Qsn 18. User environment
Create a custom command called stat on both system1 and system2 that runs the command: /bin/ps -Ao pid,tt,user,fname,rsz
This command should be available to all users on the system.

Ans:-
# vim /etc/bashrc
    alias stat="/bin/ps -Ao pid,tt,user,fname,rsz"
# reboot

Qsn 19. SSH Configure
Configure SSH access as follows:
Users have remote SSH access to your virtual systems from within group12.example.com
Clients within my133t.org should not have access to ssh on your systems.

Ans:-
# yum -y install openssh*
# vim /etc/hosts.deny
    sshd : 1.H.2.2/3
# systemctl restart sshd
# systemctl enable sshd
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --complete-reload

Qsn 20.
Port forwarding
Configure port forwarding on your machine system1 such that all incoming connections on port 0O2O/tcp on the firewall are forwarded to port 80/tcp of the machine with the 1.H.1.2/3

Ans:-
# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=1.H.1.2/3 forward-port port=0O2O protocol=tcp to-port=80'
# firewall-cmd --complete-reload

Qsn 21. Create a script named makeusers in the /root directory
When an argument file.txt is passed to this script, the users listed in this file are created with the /bin/false shell.
When the file name is different, the error shows file not found.
If no file is passed as an argument, the error shows please write command again.
Download this file from http://classroom.example.com/pub/file.txt

Ans:-
# vim /root/makeusers
    #!/bin/bash
    if [ "$#" -lt 1 ]
    then
        echo "please write command again"
        exit 0
    fi
    if [ -f $1 ]
    then
        for users in `cat $1`
        do
            adduser -s /bin/false $users
        done
    else
        echo "file not found"
    fi
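
The loop above splits the file on whitespace and hands every token to adduser unchecked, so an entry such as -o or * ends up on the command line. A defensive variant follows as an added example, not part of the original answer; valid_username, plan_users and the sample list are made up for illustration, and the function prints the adduser commands instead of running them.

```sh
#!/bin/sh
# Added example, not the page's script: read the user list defensively.
# valid_username and plan_users are illustrative names.
LC_ALL=C; export LC_ALL               # make the a-z ranges below ASCII-only

# Accept only conservative account names: first character a-z or _, then
# a-z 0-9 _ -, at most 32 characters. Rejects option-like entries and globs.
valid_username() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print one adduser command per acceptable line of the list file; the reason
# for every skipped entry goes to stderr.
plan_users() {
    if [ "$#" -lt 1 ]; then
        echo "please write command again" >&2
        return 2
    fi
    if [ ! -f "$1" ]; then
        echo "file not found" >&2
        return 1
    fi
    cr=$(printf '\r')
    # IFS= read -r keeps each line intact: no word splitting, no glob expansion.
    while IFS= read -r name || [ -n "$name" ]; do
        name=${name%"$cr"}            # tolerate CRLF line endings
        [ -n "$name" ] || continue
        if valid_username "$name"; then
            printf 'adduser -s /bin/false %s\n' "$name"
        else
            printf 'skipped invalid entry: [%s]\n' "$name" >&2
        fi
    done < "$1"
    return 0
}

# Constructed sample list: two good names, an option-like entry, a glob, a name with a space.
list=$(mktemp)
printf '%s\n' exam_u1 '-o' '*' 'exam u2' exam_u3 > "$list"
plan_users "$list"
rm -f "$list"
```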