Solving Typical RHCSA Tasks

The Red Hat Certified System Administrator (RHCSA) certification is the entry level of Red Hat certification. It is aimed at novice Linux/Unix users but nevertheless requires in-depth knowledge of how the Red Hat OS works. To obtain RHCSA status you must pass a single exam lasting 2-3 hours and consisting of 15-20 questions. When the exam ends, the virtual machine is rebooted and a script then runs on it that automatically checks whether the tasks were completed correctly.

RHEL7

Install the Apache package. Allow it to get documents stored on NFS mounted directories.

$ yum install -y httpd
$ firewall-cmd --permanent --add-service=http
$ firewall-cmd --reload
$ systemctl enable httpd
$ systemctl start httpd
$ getsebool -a | grep nfs | grep httpd
$ setsebool -P httpd_use_nfs on

Extend the existing xfs file system to a total size of 200MB and add a label called myFS.

$ lvextend --size 200M -r /dev/vg/lv_xfs
or $ lvextend --size +100M -r /dev/vg/lv_xfs
$ umount /xfs
$ xfs_admin -L "myFS" /dev/vg/lv_xfs
$ mount /xfs

Assign the same SELinux contexts used by the home directories to the /xfs directory permanently.

$ yum install -y setroubleshoot-server
$ semanage fcontext -a -t user_home_dir_t "/xfs(/.*)?"
$ restorecon -R /xfs

Create two users: john with uid/gid equal to 2000, password 12345678 and davis with uid/gid equal to 3000, password 87654321. Make davis' account expire in one month.

$ useradd -u 2000 john
$ passwd john
New password: 12345678
$ useradd -u 3000 davis
$ passwd davis
New password: 87654321
$ date -d "+1month"
$ usermod -e YYYY-MM-DD davis
or $ chage -E YYYY-MM-DD davis
$ chage -l davis

Allow davis (and only davis) to get full access to john's home directory.

$ setfacl -R -m u:davis:rwx /home/john

Create a directory named /common. Allow john and davis to share documents in the /common directory using a group called team. Both of them can read, write and remove each other's documents in this directory, but any user who is not a member of the group can’t.

$ mkdir /common
$ groupadd -g 50000 team
$ chgrp team /common
$ chmod 2770 /common
$ usermod -aG team john
$ usermod -aG team davis

Create an xfs file system on a new logical volume of 100MB called lv_xfs. Mount it permanently with uuid under /xfs.

$ lvcreate --size 100M --name lv_xfs /dev/vg
$ mkfs.xfs /dev/vg/lv_xfs
$ mkdir /xfs
$ blkid | grep lv_xfs >> /etc/fstab
$ vi /etc/fstab
UUID=… /xfs xfs defaults 1 2
$ mount -a

Write a Bash script called prog.sh in the /root directory that creates 40 files of 2MB each with the fallocate command in the mounted /xfs directory. Each file has got a name as follows: .file_N where N is a number from 1 to 40.

$ cd /root
$ vi prog.sh
#!/bin/bash

cd /xfs
N=40
while [ "$N" -gt 0 ]
do
fallocate -l 2M .file_$N
N=`expr $N - 1`
done

OR

#!/bin/bash

for N in `seq 40`
do
fallocate -l 2M /xfs/.file_$N
done
$ chmod u+x prog.sh
$ ./prog.sh

Create an ext4 file system on a new logical volume of 100MB called lv_ext4. Mount it permanently under the /ext4 directory. Copy the files previously created into this new space.

$ lvcreate --size 100M --name lv_ext4 /dev/vg
$ mkfs.ext4 /dev/vg/lv_ext4
$ mkdir /ext4
$ vi /etc/fstab
/dev/vg/lv_ext4 /ext4 ext4 defaults 1 2
$ mount -a
$ cp -p /xfs/.f* /ext4

Configure a virtual console.

$ grubby --update-kernel=ALL --args="console=ttyS0"

Create a logical volume of 200MB called lv_swap2 and add it permanently to the current swap space.

$ lvcreate -L 200M -n lv_swap2 vg00
$ mkswap /dev/vg00/lv_swap2
$ swapon /dev/vg00/lv_swap2
$ vi /etc/fstab
/dev/vg00/lv_swap2 swap swap defaults 0 0

Create a cron job running as root, starting at 11PM every day and writing a report on daily system resource consumption in the /var/log/consumption.log file (sysstat package required).

$ crontab -e
00 23 * * * /usr/bin/sar -A > /var/log/consumption.log

Set the default target to boot into X Window level (previously level 5).

$ systemctl set-default graphical.target

Change the hostname to mycentos.example.com

$ hostnamectl set-hostname mycentos.example.com

 

RHEL6

Setup a /home/rhce directory to facilitate collaboration among the rhce group.
Each member should be able to create files and modify each other’s files, but should not be able to delete anyone else’s files in this directory.

$ mkdir /home/rhce
$ chown root:rhce /home/rhce
$ chmod 770 /home/rhce
$ chmod +t /home/rhce
$ chmod g+s /home/rhce
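
The /common task in the RHEL7 part (mode 2770) and this /home/rhce task (mode 3770) differ only in the sticky bit, which decides whether group members can delete each other's files. The check below is an added example, not part of the original page; the function name check_shared_dir and the policy names delete-any and delete-own are made up for illustration, and the demo runs on throwaway directories.

```sh
#!/bin/sh
# Added example: audit a shared directory against one of the two
# collaboration policies used in the tasks on this page.
#   delete-any : members may remove each other's files   (/common, 2770)
#   delete-own : members may remove only their own files (/home/rhce, 3770)
# Prints one finding per line; prints nothing when the directory complies.
check_shared_dir() {
    dir=$1 policy=$2
    perms=$(ls -ld "$dir" | cut -c1-10)          # e.g. drwxrws--T
    case $perms in d*) ;; *) echo "not a directory"; return 0 ;; esac
    # Group needs read, write and search (x, or s when setgid is also set).
    case $perms in ????rw[xs]*) ;; *) echo "group lacks rwx" ;; esac
    # setgid makes new files inherit the directory's group.
    case $perms in ??????[sS]*) ;;
        *) echo "setgid missing: new files keep the creator's primary group" ;;
    esac
    # Users outside the group must have no permission bits at all.
    case $perms in ???????--[-T]) ;; *) echo "others have access" ;; esac
    # The sticky bit restricts deletion to the owner of each file.
    case $perms in
        *[tT]) [ "$policy" = delete-any ] &&
                   echo "sticky bit set: members cannot remove each other's files" ;;
        *)     [ "$policy" = delete-own ] &&
                   echo "sticky bit missing: any member can delete any file" ;;
    esac
    return 0
}

# Constructed demo: temporary directories with the modes from the two tasks.
demo=$(mktemp -d)
mkdir "$demo/common" "$demo/rhce" "$demo/plain"
chmod 2770 "$demo/common"
chmod 3770 "$demo/rhce"
chmod 770  "$demo/plain"
check_shared_dir "$demo/common" delete-any
check_shared_dir "$demo/rhce"   delete-own
check_shared_dir "$demo/plain"  delete-own
```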

Make sure user bob’s account expires after one week.

$ date -d "+1week"
$ usermod -e YYYY-MM-DD bob
or $ chage -E YYYY-MM-DD bob
$ chage -l bob

Set up a default configuration webserver. In the index file, place the sentence “This is a test.”.
Make this webserver only accessible to your machine and server1.example.com.

$ yum install httpd
$ chkconfig httpd on
$ service httpd start
$ echo "This is a test." > /var/www/html/index.html
$ iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
$ service iptables save
$ vi /etc/httpd/conf/httpd.conf
 Order allow,deny
 Allow from 127.0.0.1 server1.example.com
$ service httpd reload

Add 100MB of swap space to your machine using a logical volume.

$ lvcreate --name lv_swap2 --size 100M vg
$ mkswap /dev/vg/lv_swap2
$ swapon /dev/vg/lv_swap2
$ vi /etc/fstab
 /dev/vg/lv_swap2 swap swap defaults 0 0 

Create user accounts named tony, mike, and john each with the “redhat” password and belonging to a secondary group called “rhce”.

$ groupadd rhce
$ useradd tony -G rhce; passwd tony
$ useradd mike -G rhce; passwd mike
$ useradd john -G rhce; passwd john

Expand the file system on /home to 2GB in size.

$ lvresize -r -L 2G /dev/vg/lv_home

Set up a default configuration FTP server. Block ftp connections from hackers.net

$ yum install vsftpd
$ chkconfig vsftpd on
$ service vsftpd start
$ vi /etc/sysconfig/iptables-config
 IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"
$ iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
$ iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
$ service iptables save
$ service iptables restart
$ vi /etc/hosts.deny
 vsftpd: .hackers.net: DENY

Set up a new 100MB logical volume. Encrypt the volume with LUKS and set it up to automatically decrypt and mount to /crypt at boot. Use the ext4 filesystem and place an empty file in the root of the encrypted filesystem with a name of “test”.

$ lvcreate --name crypt --size 100M vg
$ mkdir /crypt
$ cryptsetup luksFormat /dev/vg/crypt
$ cryptsetup luksOpen /dev/mapper/vg-crypt crypt
$ mkfs.ext4 /dev/mapper/crypt
$ vi /etc/fstab
 /dev/mapper/crypt /crypt ext4 defaults 1 2
$ mount -a
$ dd if=/dev/urandom of=/etc/keyfile bs=32 count=1
$ cryptsetup luksAddKey /dev/vg/crypt /etc/keyfile
$ chmod 400 /etc/keyfile
$ vi /etc/crypttab
 crypt /dev/vg/crypt /etc/keyfile
$ touch /crypt/test
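
A key file stored on the unencrypted root file system protects the volume only as long as nobody else can read it, which is why the steps above include chmod 400. As an added example (not from the original page), this check reads a crypttab and reports key files that are missing or accessible to group or others; audit_crypttab_keys is a hypothetical name and the demo uses a constructed crypttab in a temporary directory.

```sh
#!/bin/sh
# Added example: audit the key files referenced by a crypttab.
# Prints one finding per line; prints nothing when every entry is fine.
audit_crypttab_keys() {
    crypttab=$1
    # crypttab fields: name, device, key file, options
    while read -r name device keyfile options; do
        case $name in ''|'#'*) continue ;; esac        # blank line or comment
        case $keyfile in
            ''|none|-) echo "$name: no key file, passphrase is asked at boot"
                       continue ;;
        esac
        if [ ! -f "$keyfile" ]; then
            echo "$name: key file $keyfile missing"
            continue
        fi
        perms=$(ls -l "$keyfile" | cut -c1-10)         # e.g. -r--------
        case $perms in
            -???------) ;;                             # owner-only access
            *) echo "$name: $keyfile is $perms, group/other must have no access" ;;
        esac
    done < "$crypttab"
}

# Constructed demo: one good entry (mode 400, as in the steps above),
# one world-readable key file and one entry whose key file does not exist.
demo=$(mktemp -d)
printf 'k' > "$demo/keyfile";  chmod 400 "$demo/keyfile"
printf 'k' > "$demo/loosekey"; chmod 644 "$demo/loosekey"
cat > "$demo/crypttab" <<EOF
# name  device         key file
crypt   /dev/vg/crypt  $demo/keyfile
data    /dev/vg/data   $demo/loosekey
old     /dev/vg/old    $demo/gone
EOF
audit_crypttab_keys "$demo/crypttab"
```

On a real system the function would be pointed at /etc/crypttab and run as root.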

Create a new user “bob”. Give bob, not in the rhce group, read and write access to /home/rhce.

$ useradd bob
$ passwd bob
$ setfacl -R -m u:bob:rwx /home/rhce

Set up a job to delete all of the regular files in the /home/bob directory on the second day of every month at 8:30 A.M.

$ crontab -e
  30 08 02 * * /bin/find /home/bob -type f -exec /bin/rm {} \;

Install the appropriate kernel update from http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages.
The following conditions must also be met:
– the updated kernel is the default kernel when the system is rebooted.
– the original kernel remains available and bootable on the system.

$ uname -r
$ wget http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages/kernel*
$ rpm -ivh kernel
$ vi /etc/grub.conf
 Check for default (0 or 1)

Set up the automounter, and configure it to read the DVD on the /misc/dvd directory.

$ yum install -y autofs
$ vi /etc/auto.misc
 dvd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
$ service autofs start

Assume you forget the current root password. Reboot your server and put the “redhat” password instead.

$ reboot
 Press 'a' at the first GRUB menu at the console.
 Type 'single' at the end of the line.
$ passwd root
 Type 'redhat'.

Create a file named dontcopy in the /root directory and make it impossible to back it up with the dump command.

$ touch /root/dontcopy
$ chattr +d /root/dontcopy

Create a logical volume with the name “lv_vol” using 180PE (Physical Extents).
Mount it on /mnt with filesystem ext4.
Make it permanently loaded by uuid.
Create a file called tempo into the /mnt directory.

$ lvs
$ lvcreate --name lv_vol -l 180 vg
$ mkfs.ext4 /dev/vg/lv_vol
$ blkid | grep lv_vol >> /etc/fstab
$ vi /etc/fstab
 UUID="…" /mnt ext4 defaults 0 0
$ mount /mnt
$ df
$ touch /mnt/tempo

Create a file called cmd belonging to user and group root in tom's directory with the string “/bin/echo Hello!” inside. Configure permissions on it to allow steven's account to read and execute it, but neither andrew nor tom.

$ cd /home/tom
$ echo '/bin/echo Hello!' > cmd
$ setfacl -m u:steven:r-x cmd
$ setfacl -m u:steven:--x ../tom
$ setfacl -m u:tom:--- cmd
$ setfacl -m u:andrew:--- cmd

Install the vsftpd package. Copy the TUNING file coming with the package into the /root directory.

$ yum install -y vsftpd
$ rpm -ql vsftpd | grep TUNING
$ cd /usr/share/doc/vsftpd…
$ cp TUNING /root

Install an httpd server. Make it serve files from /www/html. Write a file called index.html displaying “Hello world!”.

$ yum groupinstall -y "Web server"
$ yum install -y setroubleshoot-server elinks
$ mkdir /www
$ cp -rp /var/www/* /www
$ cd /etc/httpd/conf
$ sed -e "s:DocumentRoot \"/var/www/html\":DocumentRoot \"/www/html\":g" httpd.conf > httpd.conf2
$ mv -f httpd.conf2 httpd.conf
$ service httpd configtest
$ echo Hello world! >/www/html/index.html
$ semanage fcontext -a -t httpd_sys_content_t "/www(/.*)?"
$ restorecon -r /www
$ iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
$ service iptables save
$ chkconfig httpd on
$ service httpd start
$ elinks http://localhost

Remove all the files from the /etc/yum.repos.d directory. Set up a repository for the Base packages from (US)University of Oklahoma’s (http://mirror.oss.ou.edu/centos/) or (Germany)ATrpms’s (http://mirror.atrpms.net/centos/) or (China)Beijing Institute of Technology’s (http://mirror.bit.edu.cn/centos/) according to your geographical localization.

$ cd /etc/yum.repos.d
$ /bin/rm *
$ vi local.repo
 [base]
 name=University of Oklahoma - Base
 baseurl=http://mirror.oss.ou.edu/centos/$releasever/os/$basearch/
 enabled=1
 gpgcheck=0
$ yum clean all
$ yum repolist all
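
With gpgcheck=0 yum installs packages from this repository without verifying their signatures, and the baseurl is plain HTTP. The following added example (not from the original page) lists repository sections that disable the check; unsigned_repos is a hypothetical helper, the second .repo file is constructed sample data, and the gpgkey path assumes a stock CentOS 6 install.

```sh
#!/bin/sh
# Added example: list yum repository sections that explicitly switch off
# package signature verification (gpgcheck=0).
# Prints "file:[section] baseurl" for each such section in directory $1.
unsigned_repos() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (section != "" && gpg == "0") print file ":" section " " url
            }
            function value(line) {            # text after "=", trimmed
                sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
                return line
            }
            /^[ \t]*\[/ {                     # a new [section] starts
                report()
                section = $0; gsub(/[ \t\r]/, "", section)
                gpg = ""; url = ""; next
            }
            /^[ \t]*gpgcheck[ \t]*=/ { gpg = value($0) }
            /^[ \t]*baseurl[ \t]*=/  { url = value($0) }
            END { report() }
        ' "$f"
    done
}

# Constructed demo: the repo file from the steps above next to a signed one.
repodir=$(mktemp -d)
cat > "$repodir/local.repo" <<'EOF'
[base]
name=University of Oklahoma - Base
baseurl=http://mirror.oss.ou.edu/centos/$releasever/os/$basearch/
enabled=1
gpgcheck=0
EOF
cat > "$repodir/signed.repo" <<'EOF'
[updates]
name=Constructed sample - Updates
baseurl=http://mirror.example.com/centos/$releasever/updates/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF
unsigned_repos "$repodir"
```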

Reduce the size of the lv_vol logical volume to 100MB.

$ umount /mnt
$ lvreduce --size 100M -r /dev/vg/lv_vol
$ mount /mnt

Create users andrew, tom, and steven with home directories in /home and passwords “redhat”.
Make steven's account expire on May 14, 2015.

$ useradd andrew; passwd andrew
$ useradd tom; passwd tom
$ useradd steven; passwd steven
$ chage -E 2015-05-14 steven; chage -l steven

Create a directory called project in /home. Create two groups called admins and dbas with gid respectively 50001 and 50002. Put andrew account into the admins group and steven account into the dbas group, each time as a secondary group. Configure the project directory for group collaboration among members of the admins and dbas groups with no access for all other users.

$ mkdir /home/project
$ groupadd -g 50001 admins; groupadd -g 50002 dbas
$ usermod -aG admins andrew
$ usermod -aG dbas steven
$ setfacl -m g:admins:rwx /home/project
$ setfacl -m g:dbas:rwx /home/project
$ setfacl -m o:--- /home/project

Enable the cron access for root and steven users only.

$ echo steven >/etc/cron.allow

Configure a cron job for the root user to search for files named core in the /usr directory and delete them on every sunday at 11:55pm system time.

$ crontab -e
 55 23 * * 0 /bin/find /usr -name core -exec /bin/rm {} \;

Create a script called cmd in the /root directory that displays “Zero” if no parameter is given, “One” if only one and “Several” if more than one.

$ cd /root
$ vi cmd
 #!/bin/bash
 case $# in
 0) echo "Zero";;
 1) echo "One";;
 *) echo "Several";;
 esac
$ chmod u+x cmd

Allow ssh access only from the 192.168.1.0/24 network.

$ iptables -I INPUT ! -s 192.168.1.0/24 -m tcp -p tcp --dport 22 -j REJECT
$ service iptables save

Based on materials from CertDepot
