चह जतन अछ कर कल तफ त लग सरशन रम ह क ग... ...
[email protected]#: ========================= Dont Break the passwd here login with Root Account #change the hostname as static #Modify the !" as static # $um %lient &uestion#' (Do it in )oth the systems* +et +elinu, in -nforcing mode +et the selinu, policy !ermissi/e to -nfrocing on )oth sides. #/im 0etc0selinu,0config +-1234=permissi/e 5 change permissi/e to -nforcing :w6 #setenforce '7 systemctl re)oot done &uestion#8 %ustomi9e the user en/ironment on )oth systems. %reate a custom command called 6stat on )oth system' and system8 that runs the command 0usr0)in0ps Ao pid;tty;user;fname;rs9
0usr0)in0ps Ao pid;tty;user;fname;rs9> :w6 #source 0etc0)ashrc #6stat ????????????????????????????????????????????????????????????????????????? done????????????????????? &uestion# %onfigure ssh on )oth the systems. %onfigure ssh ser/er on ser/er4.e,ample.com and domain.my''t.org should not ha/e ssh access. solution #/im 0etc0hosts.deny sshd: .my't.org :w6 #systemctl restart sshd ????????????????????????????????????done??????????????????????? &uestion# %onfigure ip/ %onfigure !" on )oth desktop4 and ser/er4 on eth de/ice; this should not effect !" network. n ser/er4 !" should )e fdd):fe8a:a)'e::caC:'0 .n desktop4 !" fdd):fe8a:a)'e::caC:80 should )e
and after re)oot )oth !" and !" should )e a)le to communicate on )oth sides. +olution: @ser/er: #nmcli connection modify +ystem eth ip/.addresses >fdd):fe8a:a)'e::caC:'0> ip/.method static #nmcli connection down +ystem eth #nmcli connection up +ystem eth after re)oot try to ping to the )elow ip #ping fdd):fe8a:a)'e::caC:8(if it is pinging then ok* @%lient: #nmcli connection modify +ystem eth ip/.addresses >fdd):fe8a:a)'e::caC:80> ip/.method staticile: 0 #nmcli connection reload #systemctl restart network after re)oot try to ping to the )elow ip #ping fdd):fe8a:a)'e::caC:'(if it is pinging then ok* EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE EEEEEEEEEEEEEEEEEEEEEEEEEEE &uestion#F %onfigure 2etwork Irunner: Iname:acti/e)ackupJJ> #nmcli connection show #nmcli connection add type teamsla/e conname ganesh ifname eth' master team #nmcli connection add type teamsla/e conname ganesh ifname eth8 master team #nmcli connection modify team ip/.addresses >'G8.'C..'08> #nmcli connection reload #systemctl restart network #teamdctl team state setup: runner: acti/e)ackup ports: eth' link watches: link summary: up instanceKlinkEwatchEL: name: ethtool link: up eth8 link watches: link summary: up instanceKlinkEwatchEL: name: ethtool link: up runner: acti/e port: eth' #############################################done################################## ####################### &uestion#
port forwarding: %onfigure !R< RNARD2O incomming connection on port F'0tcp on the firewall to port '0tcp on network 'P8.8F..08. #firewallcmd permanent addrichrule=>rule family=ip/ source address='P8.8F..08 forwardport port=F' protocol=tcp toport='> #firewallcmd reload ??????????????????????????????????????????????????????? done?????????????????????????????????????''' &uestion#P %onfigure mail on )oth system' and system8. Q Do not accept incoming mail from e,ternal sources. Q All mail sent locally on this system automatically routed to system'.group'.e,ample.com Q Mail sent from these systems should show up as comming from group'.e,ample.com Q $our ma, test )y sending mail to >another #la) smtpnullclient setup(do in the la) not in e,am* +etting up ser/er machine... +etting up mutt... #####if pkg is not installed #### # rpm 6a grep postfi, postfi,8.'.'.elP.,CE # yum install postfi, yS% # systemctl ena)le postfi,S% # systemctl restart postfi,S% # firewallcmd addser/ice=smtp permanent # firewallcmd reload steps you ha/e remem)er and do the same desktop in e,am(system8* #postconf e inetEinterfaces=loop)ackonly # postconf e mydestination= # postconf e relayhost=Ksmtp'.e,ample.comL # postconf e myorigin=e,ample.com # postconf e localEtransport=error: local deli/ery disa)led # postconf e mynetworks='8P...0C K::'L0'8C # systemctl restart postfi,.ser/ice # su student Kstudent@ser/er4 TLU mail s >Oanesh is configured smtp null client> student@desktop'.e,ample.com Vi t send the mails to me. )ecause its null client i can send to you . -< #######################done############### &uestion#C 2+ +er/er: -,port your 0pu)lic directory /ia 2+ to the e,ample.com domain. Make sure that client in e,ample.com domain should a)le to read only permission in 0pu)lic. &uestion#G %onfigure secure 2+ ser/er.
-,port your 0pu)licsecure directory with using Wer)oros /ia 2+ to the e,ample.com domain. Make sure client in e,ample.com domain shoud a)le to read and write prmission on 0pu)licsecure and create a su)directory called pu)licshare. a.pu)licshare directory owner should )e ldapuser4 and ldapuser4 user should a)le to read and write not to any other . ).Download keyta) for the ser/er from the is url http:00classroom.e,ampe.com0pu)0keyta)s0ser/er4.keyta) EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE EEEEEEEEEEEEEEEEEEEEEEE &uestion#' 2+ mounts. a* Mount 0pu)lic permanently on the 0mnt0secure on the desktop4. )* Mount the secure nfs share 0pu)licsecure permanently on the 0mnt0securepath on desktop4. /erify that user ldapuser4 has read and write access on the 0mnt0securepath on the desktop4 Quse keyta) file http:00classroom.e,ample.com0pu)0keyta)s0desktop4.keyta) ############################# +olution of &uestionC and 'a 2+ share @+er/er machine #yum install nfs y #systemctl ena)le nfsser/er #systemctl restart nfsser/er #firewallcmd permanent addser/ice=nfs #firewallcmd permanent addser/ice=mountd #firewallcmd permanent addser/ice=rpc)ind #firewallcmd reload #mkdir 0pu)lic #/im 0etc0e,ports 0pu)lic 'P8.8F..0'(ro* in e,am your domain will )e fields #e,portfs r/ #showmount e ser/er4 @%lient(desktop* #yum install nfsutils y #showmount e ser/er4 #mkdir 0mnt0secure #/im 0etc0fsta) 'P8.8F.4.'':0pu)lic 0mnt0secure nfs defaults :w6 #mount a #df V +olution of &uestionG and '). 2+ with Wr)F @+er/er machine #la) nfskr)F setup(this is only for classroom* #yum install nfs y #systemctl ena)le nfssecureser/er
(please restart in this se6uence only* #systemctl restart nfsser/er #systemctl restart nfssecureser/er #firewallcmd permanent addser/ice=nfs (we already added at first &uestion* #firewallcmd permanent addser/ice=mountd #firewallcmd permanent addser/ice=rpc)ind #firewallcmd reload (use capital and keep the file as 0etc0kr)F.keyta) only* #wget 0etc0kr)F.keyta) http:00classroom.e,ample.com0pu)0keyta)s0ser/er4.keyta) #mkdir mPPP 0pu)licsecure #mkdir 0pu)licsecure0pu)licshare #chown ldapuser4 0pu)licsecure0pu)licshare0 #ls ld 0pu)licsecure0pu)licshare0 #ls ld 0pu)licsecure0 #/im 0etc0sysconfig0nfs at line no ' #R!%2+DARO+=" .8 (!lease use capital "* #/im 0etc0e,ports 0pu)licsecure 'P8.8F..0'(rw;sec=kr)Fp* #e,portfs r/ #showmount e 'P8.8F.4.'' ?????????????????????? @%lient(desktop* #la) nfskr)F setup (do not do it in e,am* #showmount e ser/er4 (use capital and keep the file as 0etc0kr)F.keyta) only* #wget 0etc0kr)F.keyta) http:00classroom.e,ample.com0pu)0keyta)s0desktop'.keyta) #systemctl ena)le nfssecure (2.B:only this one ser/ice need to restart at desktop or clinet not other 8ser/ices* #systemctl restart nfssecure #mkdir 0mnt0securepath #/im 0etc0fsta) 'P8.8F.4.'':0pu)licsecure 0mnt0securepath nfs defaults;sec=kr)Fp :w6 #mount a #ssh lpdauser4@localhost (password is ker)eros* Kldapuser'@ser/er' TLU df V Kldapuser'@ser/er' TLU cd 0mnt0securepath0pu)licshare in this directory ldapuser should write some content. mkdir coss touch file ((((((((((((((((((((((((((((((D2-****************************** &uestion#'' %onfigure +AMBA +VAR-: Q +hare the directory 0common /ia sam)a. $our sam)a ser/er must )e a mem)er of +taff workgroup. Q
#sm)passwd a frank 2ew +MB password: Retype new +MB password: Added user frank. #/im 0etc0sam)a0sm).conf at line no CG: change workgroup = +
Retype new +MB password: Added user ro))y. #/im 0etc0sam)a0sm).conf copy the ' lines from common KcommonL comment = !u)lic +tuff path = 0common #write list = Ystaff )rowsea)le = yes hosts allow = 'P8.8F. /alid users = frank please o)ser/e the changes KsecureL comment = !u)lic +tuff path = 0secure write list = ro))y pu)lic = no )rowsea)le = yes hosts allow = 'P8.8F. /alid users = ro) ro))y :w6 @client ################## #useradd ro) #useradd ro))y #sm)client 00ser/er'0secure 3 ro) -nter ro)>s password: Domain=K+s password: Domain=K+
################ &uestion#' %onfigure we) ser/er: Q %onfigure the system' as we) ser/er for the site http:00ser/er4.e,ample.com Q Download the we) page station.html from http:00classroom.e,ample.com0pu)0updates0station.html Q Rename the downloaded page as inde,.html. Q %opy the inde,.html file to the document root and dont modify a. Make sure the we) site should )e allow to e,ample.com only and deny to my't.org doimain . ???????????? +olution #yum install httpd y #systemctl ena)le httpd.ser/ice #systemctl restart httpd.ser/ice #firewallcmd permanent addser/ice=http +uccess #firewallcmd reload success #rpm 6d httpd run this command #cat 0usr0share0doc0httpd8..0httpd/hosts.conf (read this file and copy last P lines* and paste in /im 0etc0httpd0conf0httpd.conf ####segreate from F line######################### paste is here 5"irtualVost :@@!ort@@Q +er/erAdmin we)master@dummyhost8.e,ample.com DocumentRoot @@+er/erRoot@@0docs0dummyhost8.e,ample.com +er/er2ame dummyhost8.e,ample.com -rror1og 0/ar0log0httpd0dummyhost8.e,ample.comerrorElog %ustom1og 0/ar0log0httpd0dummyhost8.e,ample.comaccessElog common 50"irtualVostQ and please o)ser/e the changes 5"irtualVost 'P8.8F.4.'':CQ(4 is your system num)er* +er/erAdmin root@ser/er4.e,ample.com DocumentRoot 0/ar0www0html +er/er2ame ser/er4.e,ample.com 50"irtualVostQ 5Directory 0/ar0www0htmlQ Kthis is file lines you ha/e to remem)erL rder allow;deny Allow from .e,ample.com 50DirectoryQ ??????? 2ow download the we) page station.html from http:00classroom.e,ample.com0pu)0updates0station.html #wget inde,.html http:00classroom.e,ample.com0pu)0updates0station.html ( run this command* #systemctl restart httpd.ser/ice #curl k http:00ser/er4.e,ample.com ()etter use firefo,* (((((((((((((((((((((((((((((((((((((Done****************************** &uestion#' %onfigure we) ser/er: %reate the directory confidential for the DocumentRoot of your we)ser/er. Download the page host.html from http:00classroom.e,ample.com0pu)0updates0host.html And mo/e as inde,.html.t should )e accessa)le to localhost only and not to any other host.
#mkdir 0/ar0www0html0confidential 2.BAgain open the conifguration file and copy from the 5Directory 0/ar0www0htmlQ Kthis is file lines you ha/e to remem)erL rder allow;deny Allow from .e,ample.com 50DirectoryQ please o)ser/e the changesile: 5Directory 0/ar0www0html0confidentialQ rder allow;deny Allow from 'P8.8F.4.'' 50DirectoryQ :w6 2ow Download Download the page host.html from http:00classroom.e,ample.com0pu)0updates0host.html #wget inde,.html http:00classroom.e,ample.com0pu)0updates0host.html (run this command no need to raname again* #systemctl restart httpd.ser/ice open firefo, from desktop;foundation machine it should )e for)iddent;if it )rsowsea)le then mistake with your configuration t will only )rowse with ser/er4.e,ample.com ((((((((((((((((((((((((((((((((((((((((((((((((Done*************************** &uestion#'F %onfigure name /irtual hosting ser/er: %onfigure the name /irtual hosting ser/er for the site http:00www4.e,ample.com. Download the page www.html from http:00classroom.e,ample.com0pu)0updates0www.html and rename as inde,.html under documenRoot 0/ar0www0/irtual. 3ser called rock should a)le to add some content into 0/ar0www0/irtual directory. +olution ######### #mkdir 0/ar0www0/irtual #cd 0/ar0www0/irtual #wget inde,.html http:00classroom.e,ample.com0pu)0updates0www.html copy the )egining F lines from main we) ser/er configuration 5"irtualVost 'P8.8F.4.'':CQ(4 is your system num)er* +er/erAdmin root@ser/er4.e,ample.com DocumentRoot 0/ar0www0html +er/er2ame ser/er4.e,ample.com 50"irtualVostQ and o)ser/e the changes changes 5"irtualVost 'P8.8F.4.'':CQ(4 is your system num)er* +er/erAdmin [email protected],ample.com DocumentRoot 0/ar0www0/irtual +er/er2ame www4.e,ample.com 50"irtualVostQ #systemctl restart httpd.ser/ice #useradd rock #setfacl m u:rock:rw, 0/ar0www0/irtual
#su rock #/im 0/ar0www0/irtual0rock.html Rock is modifying the /irtual content :w6 #systemctl restart httpd.ser/ice first )rowse firefo, http:00www4.e,ample.com then )rowse firefo, http:00www4.e,ample.com0rock.html ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((D2-******************* ***************** &uestion#'P confiure ssl we) ser/er %onfigure secure we) ser/er site name http:00ser/er4.e,ample.com and the we) site will need to protect with ++1. Download the certificates form following locations http:00classroom.e,ample.com0pu)0e,ampleca.crt http:00classroom.e,ample.com0pu)0tls0pri/ate0ser/er4.key http:00classroom.e,ample.com0pu)0tls0certs0ser/er4.crt #solution # yum install modEssl y firewallcmd permanent addser/ice=https success #firewallcmd reload success Qdownload the keys )elow location (please download only .crt e,tension keys in this directory* #cd 0etc0pki0tls0certs0 wget http:00classroom.e,ample.com0pu)0e,ampleca.crt wget http:00classroom.e,ample.com0pu)0tls0certs0ser/er4.crt #cd 0etc0pki0tls0pri/ate wget http:00classroom.e,ample.com0pu)0tls0pri/ate0ser/er4.key 2ow run a command # egrep >++1%++1-++1!> 0etc0httpd0conf.d0ssl.conf and copy form ++1 engine on to ser/erchain.crt and what e/er # commented delete e,cept ser/erchain.crt(Hust uncomment it* +tep#' copy the first F lines from the )egining and o)ser/e the changes 5"irtualVost 'P8.8F.4.'':CQ(4 is your system num)er* +er/erAdmin root@ser/er4.e,ample.com DocumentRoot 0/ar0www0html +er/er2ame ser/er4.e,ample.com +tep 8 (And what e/er you copied from egrep >++1%++1-++1!> 0etc0httpd0conf.d0ssl.conf * please paste in the middle ++1-ngine on ++1!rotocol all ++1/8 ++1%ipher+uite VOV:M-D3M:?a2311:?MDF # to the ++1%ipher+uite list; and ena)le ++1Vonor%ipherrder. #++1%ipher+uite R%+VA:A-+'8C+VA:VOV:M-D3M:?a2311:?MDF # !oint ++1%ertificateile at a !-M encoded certificate. f ++1%ertificateile 0etc0pki0tls0certs0localhost.crt ++1%ertificateWeyile 0etc0pki0tls0pri/ate0localhost.key # !oint ++1%ertificate%hainile at a file containing the #
the referenced file can )e the same as ++1%ertificateile #++1%ertificate%hainile 0etc0pki0tls0certs0ser/erchain.crt 50"irtualVostQ final changes please o)ser/er 5"irtualVost 'P8.8F.4.'':Q(4 is your system num)er* C to +er/erAdmin root@ser/er4.e,ample.com DocumentRoot 0/ar0www0html +er/er2ame ser/er4.e,ample.com ++1-ngine on ++1!rotocol all ++1/8 ++1/ 5 this one you ha/e to add ++1%ipher+uite VOV:M-D3M:?a2311:?MDF ++1%ertificateile 0etc0pki0tls0certs0ser/er4.crt ++1%ertificateWeyile 0etc0pki0tls0pri/ate0ser/er4.key ++1%ertificate%hainile 0etc0pki0tls0certs0e,ampleca.crt 50"irtualVostQ #systemctl restart httpd.ser/ices And this should )e )rowse from all the systems. (((((((((((((((((((('(((((((((((((((((((((((((((((((((D2-************************* * &uestion#' %onfigure wsgi we) ser/er: %onfigure wsgi we) ser/er site name we)app4.e,ample.com and download dynamic N+O conent from http:00 classroom.e,ample.com0pu)0updates0we)app.wsgi and stored inside /irtual we) ser/er DocumentRoot of your we)ser/er. and donot effect /irtual we) sere/r. port should )e CGGG and client should access the we) site using we)app4.e,ample.com:CGGG. ########## solution #yum install modEwsgi y #cd 0/ar0www0/irtual #wget http:00classroom.e,ample.com0pu)0updates0we)app.wsgi #firewallcmd permanent addport=CGGG0tcp #firewallcmd reload #man semanage port search for 0e,ample and copy and paste in terminal #semanage port a t httpEportEt p tcp CGGG (and change it C' to CGGG* open the /im 0etc0httpd0conf0httpd.conf and search 1isten and %opy the 1isten and paste it and change like this 1isten we)app4.e,ample.com:CGGG down and in this file only copy from 5"irtualVost 'P8.8F.4.'':CQ(4 is your system num)er* +er/erAdmin [email protected],ample.com DocumentRoot 0/ar0www0/irtual +er/er2ame www4.e,ample.com 50"irtualVostQ and o)ser/e the changes 5"irtualVost 'P8.8F.4.'':CQ change C to CGGG (4 is your system num)er* +er/erAdmin root@we)app4.e,ample.com 5www4 to we)app4 DocumentRoot 0/ar0www0/irtual0we)app.wsgi5 add this one and change DocumentRoot to N+O+criptAlias 0 so final N+O+criptAlias 0 0/ar0www0/irtual0we)app.wsgi +er/er2ame www4.e,ample.com5 ser/ername we)app4.e,ample.com
50"irtualVostQ inal output 5"irtualVost 'P8.8F.4.'':CGGGQ N+O+criptAlias 0 0/ar0www0/irtual0we)app.wsgi +er/erAdmin root@we)app4.e,ample.com +er/er2ame we)app4.e,ample.com 50"irtualVostQ :w6 #systemctl restart httpd.ser/ice Q)rowse #firefo, http:00we)app4.e,ample.com:CGGG (f 3ni, epoch time is coming its done* and ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((D2-***************** *********** &uestion#8 %onfigure mariad). nstall mariad) data)ase and user root password is redhat data)ase sholud access only localhost. create a contacts data)ase. Restore a data )ase )ackup http:00classroom.e,ample.com0pu)0materials0mariad)0mariad).dump . >ro)> user can 6uery and access contacts data)ase should )e use password is redhat. #yum groupinstall mariad) y #systemctl ena)le mariad) #systemctl restart mariad) #firewallcmd permanent addser/ice=mys6l #firewallcmd reload #/im 0etc0my.cnf unnder Kmys6ldL skipnetworking=' :w6 #mys6lEsecureEinstallation -nter current password for root (enter for none*: dont gi/e any passwd here Hust hit enter +et root password^ K$0nL $ Remo/e anonymous users^ K$0nL$ Disallow root login remotely^ K$0nL$ Remo/e test data)ase and access to it^ K$0nL$ Reload pri/ilege ta)les now^ K$0nL$ Heffrey>@>localhost> D-2<-D B$ >mypass>7 please o)ser/e the changes MariaDB K(none*LQ%R-A<- 3+-R >ro)>@>localhost> D-2<-D B$ >redhat>7 MariaDB K(none*LQhelp grant7 and copy the )elow line ORA2< +-1-%< 2 d)8.in/oice < >Heffrey>@>localhost>7 please o)ser/e the changes MariaDB K(none*LQORA2< +-1-%< 2 content. < >ro)>@>localhost>7
now e,it from the data)ase type e,it7 ##step8####### download a data)ase from http:00classroom.e,ample.com0pu)0materials0mariad)0mariad).dump # mys6l u root predhat content 5 0root0mariad).dump #mys6l u ro) predhat content MariaDB KcontentLQ show ta)les7 YY
!artition num)er (';F; default F*:(enter* Ve, code (type 1 to list all codes*: Ce %ommand (m for help*: p %ommand (m for help*: w #partpro)e #p/create 0de/0/d)F #/gcreate iscsiEstorage 0de/0/d)F #l/create n storage l 'ZR-- iscsiEstorage #targetcli 0Q ls(you will get output like this )elow*ile: 0run0media0kiosk0DG 8DGP0OA2-+VE%++0OA2-+VERV%-E+13<2 !age '8 of ' o 0 ..................................................................... K...L o )ackstores .......................................................... K...L o )lock .............................................. K+torage )Hects: L o fileio ............................................. K+torage )Hects: L o pscsi .............................................. K+torage )Hects: L o ramdisk ............................................ K+torage )Hects: L o iscsi ........................................................ K
o acls ...................................................... KA%1s: 'L o i6n.8'F8.com.e,ample:desktop4 .................. KMapped 132s: 'L o mappedElun ..................... Klun )lock0iscsiEstorage (rw*L o luns ...................................................... K132s: 'L o lun ........... K)lock0iscsiEstorage (0de/0iscsiEstorage0storage*L o portals ................................................ K!ortals: 'L o 'P8.8F.4.'':8 ............................................ KWL o loop)ack ..................................................... K
#mkdir 0mnt0iscsi #)lkid(copy the 33D of 0de/0sda'* #/im 0etc0fsta) 33D=8FadeP)cFCe8CfGG'CG'fcGc8G 0mnt0iscsi e,t Enetde/ :w6? #mount a #df V #iscsiadm mode node targetname i6n.8'F8.com.e,ample:system' portal 'P8.8F.4.'':8 logout (use the same command which has )een used to login with changing it to logout* #re)oot #df V(check whther 0de/0sda' is still mounted or not if yes then it is successful* (((((((((((((((((((((((((((((((((((((((((((((((((((((((((D2-********************** ******************** &uestion#8' +cript: Nrite the script called 0root0script. f you pass an argument as redhat it should print fedora . f you pass an argument as fedora it should print redhat. f you pass any argument other than redhat or fedorait will print standard error +
done else echo file not found fi :w6 #/im coss user' user8 user :w6 #sh 0root0script8.sh coss it will add the users #cd 0home #########################################################D2-##################### ####### # #mys6l u root B D mys6l e >select user from user where password=password(>animous>*7> p Q 0mnt0password.t,t
