=========================
Dont Break the passwd here; login with Root Account
#change the hostname as static
#Modify the IP as static
# Yum Client

Question#1 (Do it in both the systems)
Set SELinux in Enforcing mode
Set the SELinux policy from Permissive to Enforcing on both sides.

#vim /etc/selinux/config
SELINUX=permissive    <-- change permissive to enforcing
:wq
#setenforce 1; systemctl reboot
##### done #####

Question#2
Customize the user environment on both systems.
Create a custom command called qstat on both system1 and system2 that runs the command
/usr/bin/ps -Ao pid,tty,user,fname,rsz

#vim /etc/bashrc
alias qstat="/usr/bin/ps -Ao pid,tty,user,fname,rsz"
:wq
#source /etc/bashrc
#qstat
##### done #####

Question#3
Configure ssh on both the systems.
Configure ssh server on serverX.example.com and domain.my11t.org should not have ssh access.

solution
#vim /etc/hosts.deny
sshd: .my1t.org
:wq
#systemctl restart sshd
##### done #####

Question#4
Configure ipv6
Configure IPV6 on both desktopX and serverX on eth device, this should not affect IPV4 network.
On serverX IPV6 should be fddb:fe2a:ab1e::ca8:1/
On desktopX IPV6 fddb:fe2a:ab1e::ca8:2/ should be
and after reboot both IPV4 and IPV6 should be able to communicate on both sides.

Solution:
@server:
#nmcli connection modify "System eth" ipv6.addresses "fddb:fe2a:ab1e::ca8:1/" ipv6.method static
#nmcli connection down "System eth"
#nmcli connection up "System eth"
after reboot try to ping to the below ip
#ping6 fddb:fe2a:ab1e::ca8:2 (if it is pinging then ok)

@Client:
#nmcli connection modify "System eth" ipv6.addresses "fddb:fe2a:ab1e::ca8:2/" ipv6.method static
#nmcli connection reload
#systemctl restart network
after reboot try to ping to the below ip
#ping6 fddb:fe2a:ab1e::ca8:1 (if it is pinging then ok)

Question#5
Configure Network
{"runner": {"name": "activebackup"}}
#nmcli connection show
#nmcli connection add type team-slave con-name ganesh ifname eth1 master team
#nmcli connection add type team-slave con-name ganesh ifname eth2 master team
#nmcli connection modify team ipv4.addresses "192.18..1/2"
#nmcli connection reload
#systemctl restart network
#teamdctl team state
setup:
  runner: activebackup
ports:
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
runner:
  active port: eth1
##### done #####

Question#6
port forwarding:
Configure PORT FORWARDING: incoming connection on port 51/tcp on the firewall to port 1/tcp on network 172.25../2.
#firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=172.25../2 forward-port port=51 protocol=tcp to-port=1"
#firewall-cmd --reload
##### done #####

Question#7
Configure mail on both system1 and system2.
> Do not accept incoming mail from external sources.
> All mail sent locally on this system automatically routed to system1.group1.example.com
> Mail sent from these systems should show up as coming from group1.example.com
> You may test by sending mail to "another

#lab smtp-nullclient setup (do in the lab, not in exam)
Setting up server machine...
Setting up mutt...

##### if pkg is not installed #####
# rpm -qa | grep postfix
postfix2.1.1.el7.x8_
# yum install postfix -y
# systemctl enable postfix
# systemctl restart postfix
# firewall-cmd --add-service=smtp --permanent
# firewall-cmd --reload

Steps you have to remember, and do the same on desktop in the exam (system2):
#postconf -e inet_interfaces=loopback-only
# postconf -e mydestination=
# postconf -e relayhost=[smtp1.example.com]
# postconf -e myorigin=example.com
# postconf -e "local_transport=error: local delivery disabled"
# postconf -e "mynetworks=127.0.0.0/8 [::1]/128"
# systemctl restart postfix.service
# su - student
[student@serverX ~]$ mail -s "Ganesh is configured smtp null client" student@desktop1.example.com
Hi t send the mails to me. because its null client i can send to you .
EOT
##### done #####

Question#8
NFS Server:
Export your /public directory via NFS to the example.com domain.
Make sure that clients in the example.com domain have read only permission in /public.

Question#9
Configure secure NFS server.
Export your /publicsecure directory using Kerberos via NFS to the example.com domain.
Make sure clients in the example.com domain have read and write permission on /publicsecure, and create a subdirectory called publicshare.
a. publicshare directory owner should be ldapuserX, and ldapuserX should be able to read and write, not any other user.
b. Download keytab for the server from this url http://classroom.example.com/pub/keytabs/serverX.keytab

Question#10
NFS mounts.
a) Mount /public permanently on /mnt/secure on desktopX.
b) Mount the secure nfs share /publicsecure permanently on /mnt/securepath on desktopX. Verify that user ldapuserX has read and write access on /mnt/securepath on desktopX
> use keytab file http://classroom.example.com/pub/keytabs/desktopX.keytab

#############################
Solution of Question8 and 10a
NFS share
@Server machine
#yum install nfs-utils -y
#systemctl enable nfs-server
#systemctl restart nfs-server
#firewall-cmd --permanent --add-service=nfs
#firewall-cmd --permanent --add-service=mountd
#firewall-cmd --permanent --add-service=rpc-bind
#firewall-cmd --reload
#mkdir /public
#vim /etc/exports
/public 172.25../1(ro)
in exam your domain will be fields
#exportfs -rv
#showmount -e serverX

@Client (desktop)
#yum install nfs-utils -y
#showmount -e serverX
#mkdir /mnt/secure
#vim /etc/fstab
172.25.X.11:/public /mnt/secure nfs defaults
:wq
#mount -a
#df -H

Solution of Question9 and 10b.
NFS with Krb5
@Server machine
#lab nfskrb5 setup (this is only for classroom)
#yum install nfs-utils -y
#systemctl enable nfs-secure-server
#su - rock
#vim /var/www/virtual/rock.html
Rock is modifying the virtual content
:wq
#systemctl restart httpd.service
first browse firefox http://wwwX.example.com
then browse firefox http://wwwX.example.com/rock.html
##### done #####

Question#17
configure ssl web server
Configure secure web server site name http://serverX.example.com; the web site needs to be protected with SSL.
Download the certificates from the following locations:
http://classroom.example.com/pub/exampleca.crt
http://classroom.example.com/pub/tls/private/serverX.key
http://classroom.example.com/pub/tls/certs/serverX.crt

#solution
# yum install mod_ssl -y
#firewall-cmd --permanent --add-service=https
success
#firewall-cmd --reload
success
> download the keys to the below location (please download only .crt extension keys in this directory)
#cd /etc/pki/tls/certs/
#wget http://classroom.example.com/pub/exampleca.crt
#wget http://classroom.example.com/pub/tls/certs/serverX.crt
#cd /etc/pki/tls/private
#wget http://classroom.example.com/pub/tls/private/serverX.key

Now run a command
# egrep "SSLC|SSLE|SSLP" /etc/httpd/conf.d/ssl.conf
and copy from SSLEngine on to server-chain.crt; whatever is commented with # delete, except server-chain.crt (just uncomment it)

Step#1 copy the first 5 lines from the beginning and observe the changes
<VirtualHost 172.25.X.11:80> (X is your system number)
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com

Step 2 (whatever you copied from egrep "SSLC|SSLE|SSLP" /etc/httpd/conf.d/ssl.conf) please paste in the middle
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
# Point SSLCertificateFile at a PEM encoded certificate. If
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Point SSLCertificateChainFile at a file containing the
# the referenced file can be the same as SSLCertificateFile
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
</VirtualHost>

Final changes, please observe:
<VirtualHost 172.25.X.11:443> (X is your system number) <-- 80 to 443
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 <-- this one you have to add
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/serverX.crt
SSLCertificateKeyFile /etc/pki/tls/private/serverX.key
SSLCertificateChainFile /etc/pki/tls/certs/exampleca.crt
</VirtualHost>
#systemctl restart httpd.service
And this should be browsable from all the systems.
##### done #####

Question#1
Configure wsgi web server:
Configure wsgi web server site name webappX.example.com, download the dynamic WSGI content from http://classroom.example.com/pub/updates/webapp.wsgi and store it inside the virtual web server DocumentRoot of your webserver. Do not affect the virtual web server. The port should be 8999 and clients should access the web site using webappX.example.com:8999.
########## solution
#yum install mod_wsgi -y
#cd /var/www/virtual
#wget http://classroom.example.com/pub/updates/webapp.wsgi
#firewall-cmd --permanent --add-port=8999/tcp
#firewall-cmd --reload
#man semanage-port
search for /example and copy and paste in terminal
#semanage port -a -t http_port_t -p tcp 8999 (and change it 81 to 8999)

Open /etc/httpd/conf/httpd.conf in vim, search for Listen, copy the Listen line, paste it and change it like this:
Listen webappX.example.com:8999

Go down, and in this file only copy from
<VirtualHost 172.25.X.11:80> (X is your system number)
ServerAdmin [email protected],ample.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>

and observe the changes
<VirtualHost 172.25.X.11:80> change 80 to 8999 (X is your system number)
ServerAdmin root@webappX.example.com <-- wwwX to webappX
DocumentRoot /var/www/virtual/webapp.wsgi <-- add this one and change DocumentRoot to WSGIScriptAlias /
so final: WSGIScriptAlias / /var/www/virtual/webapp.wsgi
ServerName wwwX.example.com <-- servername webappX.example.com
</VirtualHost>

Final output
<VirtualHost 172.25.X.11:8999>
WSGIScriptAlias / /var/www/virtual/webapp.wsgi
ServerAdmin root@webappX.example.com
ServerName webappX.example.com
</VirtualHost>
:wq
#systemctl restart httpd.service
> browse
#firefox http://webappX.example.com:8999 (If Unix epoch time is coming, it's done)
##### done #####

Question#2
Configure mariadb.
Install the mariadb database; the root user password is redhat and the database should be accessible only from localhost.
Create a contacts database. Restore a database backup from http://classroom.example.com/pub/materials/mariadb/mariadb.dump .
The "rob" user can query and access the contacts database, using the password redhat.

#yum groupinstall mariadb -y
#systemctl enable mariadb
#systemctl restart mariadb
#firewall-cmd --permanent --add-service=mysql
#firewall-cmd --reload
#vim /etc/my.cnf
under [mysqld]
skip-networking=1
:wq
#mysql_secure_installation
Enter current password for root (enter for none): don't give any passwd here, just hit enter
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

jeffrey'@'localhost' IDENTIFIED BY 'mypass';
please observe the changes
MariaDB [(none)]> CREATE USER 'rob'@'localhost' IDENTIFIED BY 'redhat';
MariaDB [(none)]> help grant;
and copy the below line
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
please observe the changes
MariaDB [(none)]> GRANT SELECT ON contacts.* TO 'rob'@'localhost';
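
A check for the skip-networking step in the MariaDB answer above, as an added example that is not part of the original notes. The function name mysqld_network_state and the sample file are constructed for illustration, and the check assumes the server reads the [mysqld], [server] and [mariadb] option groups.

```shell
#!/bin/bash
# Added example (not from the original notes): classify how a my.cnf-style
# file exposes the MariaDB server on the network.
# Prints: disabled (skip-networking on), loopback (bind-address is local),
# or exposed (neither setting found in a server section).
mysqld_network_state() {
    awk '
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[/ {                                 # section header
            sec = tolower($0)
            gsub(/^[ \t]*\[/, "", sec); gsub(/\].*$/, "", sec)
            next
        }
        sec == "mysqld" || sec == "server" || sec == "mariadb" {
            line = $0; gsub(/[ \t]/, "", line)
            n = split(line, kv, "=")
            key = tolower(kv[1]); gsub(/_/, "-", key)  # skip_networking == skip-networking
            val = (n > 1) ? tolower(kv[2]) : "1"       # a bare option name means "on"
            if (key == "skip-networking")
                skip = (val == "1" || val == "on" || val == "true")
            if (key == "bind-address")
                bind = val
        }
        END {
            if (skip) print "disabled"
            else if (bind == "127.0.0.1" || bind == "::1" || bind == "localhost") print "loopback"
            else print "exposed"
        }
    ' "$1"
}

# Constructed sample mirroring the step above: skip-networking=1 under [mysqld].
sample=$(mktemp)
cat > "$sample" <<'EOF'
[mysqld]
datadir=/var/lib/mysql
skip-networking=1

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
EOF
echo "sample my.cnf: $(mysqld_network_state "$sample")"
rm -f "$sample"
```

A result of exposed on the real /etc/my.cnf means the setting is missing, commented out, or sits under the wrong section.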